Category: Uncategorized

  • How to talk to your parents about #Log4Shell

    I’ve seen a bunch of totally bananas takes in the news on the vulnerability in the Java library known as Apache Log4j (log-for-jay, logforge, let’s call the whole thing off). If you’re like me and have non-technical family and friends who may have out of body experiences when hearing the words “cyber”, “vulnerability”, “cloud” and…

  • JUST LEAVING THIS HERE

    In the event anyone wants to use this for something.

  • Америка

    On this eve of the 20th anniversary of that day we will be beaten over the head about how we should never forget it tomorrow, and about how it changed America, I feel it is important to point out that 9/11 did not actually change America- it just destroyed the illusion of what America was…

  • You say Kah-say-ah, I say Kuy-see-ya, let’s call the whole thing off

    Just to clarify all the things, here is what you should take away from the REvil Kaseya exploit: Kaseya was working on a patch for a properly disclosed vulnerability and doing everything right until someone else found out there was a vulnerability and then it was all over. We don’t have proof the exploit was…

  • Gogol it (some gogolesque notes on legitimate cloud service abuse)

    Does that traffic to commercial public cloud services and web-based applications seem legitimate to you? Bad actors are abusing the shit out of cloud services: Google Docs, Google Forms, Discord, and others, concealing their badness in TLS and the reputation of big cloud brands. This post is an ongoing notebook on both found abuses of…