David G

2.3K posts

David G

@Primed_Mover

Web application & cloud security https://t.co/9Edaik6raZ

Beigetreten Temmuz 2015

3.1K Folgt392 Follower

David G@Primed_Mover·11 May

Sadly not making it to fwd:cloudsec this year, but I have several tickets I'm selling for face value if you're interested.

English

David G retweetet

SecuriTEA & Crumpets@SecuriTnC·2 Şub

The next SecuriTEA & Crumpets is out! Check out my chat with @Primed_Mover where we talk about Egress Filtering in AWS, his academic work, and #supplychain security #infosec #appsec youtube.com/watch?v=xjSESr…

YouTube

English

566

David G retweetet

CactusCon@CactusCon·10 Oca

Join us online or in person on January 27th with @Primed_Mover presenting: "Egress Filtering in AWS; And other Sisyphean tasks" Register now or check out our amazing schedule @ cactuscon.com! #cybersecurityconference #infosec #cc11

English

314

David G@Primed_Mover·15 Ara

@leifdreizler 2 mentions in one tl:dr sec, is that a record?

English

Leif Dreizler@leifdreizler·15 Ara

What an incredible group of folks to be mentioned alongside of 🥰 Thanks for featuring my post in the subject line, Clint!

Clint Gibler@clintgibler

📚 tl;dr sec 162 With great work from: @DarknetDiaries, @Jhaddix, @travismcpeak, @d0nutptr, @dgentry, @MayaKaczorowski, @alsmola, @JimWoolfenden, @Frichette_n, @AmitaiCo, @JulianWieg, @gafnitav, @Magoo, @eastsidemccarty, @ryanaraine, @leifdreizler tldrsec.com/blog/tldr-sec-…

English

David G retweetet

Mosquito Capital@MosquitoCapital·18 Kas

I've seen a lot of people asking "why does everyone think Twitter is doomed?" As an SRE and sysadmin with 10+ years of industry experience, I wanted to write up a few scenarios that are real threats to the integrity of the bird site over the coming weeks.

English

1.1K

14.4K

56.5K

David G retweetet

kadhim (＾ｰ^)ノ@kadhim·17 Kas

THE FTX FIRST DAY DECLARATION New CEO John Ray is scathing about Sam Bankman-Fried's management. "Never in my career have I seen such a complete failure of corporate controls and such a complete absence of trustworthy financial information." pacer-documents.s3.amazonaws.com/33/188450/0420…

English

274

2.5K

9.8K

David G@Primed_Mover·16 Kas

Best explanation of Oauth2.0 from @antonal80

English

David G retweetet

Jason Geffner@JasonGeffner·15 Kas

My organization is hiring interns! See careers.microsoft.com/us/en/job/1458… to apply!

English

David G retweetet

Lyft Engineering@lyfteng·2 Kas

New Blog Post! Software Engineer Dean Liu takes us through how the Security team achieved egress network traffic filtering for all services at Lyft: medium.com/lyft-engineeri…

English

David G retweetet

60 Minutes@60Minutes·7 Kas

“It’s almost like [Chinese company Bytedance] recognize[s] that technology’s influencing kids’ development, and they make their domestic version a spinach TikTok, while they ship the opium version to the rest of the world,” says Tristan Harris. cbsn.ws/3E3GGwa

English

938

8.7K

23.4K

David G@Primed_Mover·7 Kas

Happy to say that my talk, "Egress Filtering in AWS; And other Sisyphean tasks" has been accepted!

CactusCon@CactusCon

Dang y'all, we had so many incredible -- and some *spicy* -- submissions this year it has been so tough to narrow it down. We should have confirmations sent to speakers by some time this weekend. Thanks to ALL OF YOU who submitted, it was tough competition this year! #cc11

English

David G retweetet

Eric Mill@konklone·25 Eki

Oh, now this is a great step forward - the @FTC just released an order imposing security requirements on Drizly that not only require MFA be used internally, but that the MFA be phishing resistant: ftc.gov/system/files/f…

English

David G@Primed_Mover·19 Eki

Back to on-prem/ colo is becoming a very fashionable idea! I think the biggest impediment might be staffing.

DHH@dhh

"Of course it's expensive to rent your computers from someone else. But it's never presented in those terms. The cloud is sold as computing on demand, which sounds futuristic and cool, and very much not like something as mundane as 'renting computers'." world.hey.com/dhh/why-we-re-…

English

David G retweetet

Patrick Coffee@PatrickCoffee·19 Eki

Advertisers have been tracking how you browse, watch and shop online and IRL for years. Now Uber will let brands target you based on where, exactly, you’re going at the moment — and where you’ve been. wsj.com/articles/uber-…

English

David G retweetet

Infosecurity Magazine@InfosecurityMag·19 Eki

🛑 [NEWS] US video game publisher 2K has warned players of its titles not to click on links sent out by its help desk recently, as they are likely to be malicious > @philmuncaster reports bit.ly/3C382QL #malware #passwordsecurity

English

David G retweetet

Scott Piper@0xdabbad00·14 Eki

It's great to see a company talk about the migration and some of the gotchas of migrating to FIDO2 enforcement. "Buy yubikeys" is NOT the work involved in these efforts. I'm baffled that neither Yubico nor Okta offer meaningful assistance in these migrations.

Jack@jack_naglieri

One of the first things I did at Panther was configure SSO and hardware MFA. Read about how our team has up-leveled with FIDO2 and Okta: panther.com/blog/going-phi…

English

David G retweetet

The Register@TheRegister·14 Eki

Store credit card numbers in a debug log, lose millions of accounts. Cost? $1.9m reg.cx/462q?utm_sourc…

English

David G retweetet

switched@switch_d·13 Eki

FCC to ban all new Huawei and ZTE equipment on national security grounds | Ars Technica arstechnica.com/tech-policy/20…

English

David G@Primed_Mover·13 Eki

@1njection @MikeGizara4624 I uhhhh don't know what to tell you if you've never been to a conference with any payment for speakers, even if it's just a badge, dinner, and a gift card.

English

@[email protected]@1njection·13 Eki

@MikeGizara4624 Sure, but these are two different industries. I could list 50 festivals that bands get paid at, I can’t list a single infosec conference where I’ve seen a speaker be paid

English

@[email protected]@1njection·13 Eki

I’m a little confused, do big name infosec people expect to be paid for giving conference talks?

Lesley Carhart@hacks4pancakes

I beg y’all to stop asking me to work hard and prep talks, decks, etc to *promote your company* that I am not employed or paid by, for free. It’s almost unabashed how little people value my time. It’s hurting me financially. I’m losing money doing free work out of kindness.

English

David G@Primed_Mover·13 Eki

There are exceptions, like when encryption provides an additional layer of defense in case a resource is inadvertently made public.

English

David G@Primed_Mover·13 Eki

I'd take this a step further and argue TLS and encryption at rest in the cloud are also pretty tinfoil hat.

Clint Gibler@clintgibler

🎩 Confidential Computing Is for the Tinfoil Hat Brigade @QuinnyPig's 🌶️ take: the threat model for confidential computing doesn't make sense e.g. Preventing data access from cloud operators, malicious admins, privileged software like hypervisors lastweekinaws.com/blog/confident…

English

Entdecken

@leifdreizler @antonal80 @FTC @philmuncaster @1njection @elonmusk @BarackObama @taylorswift13