julie78787
- Karma
- 22
- Created
- October 19, 2015 (10y ago)
- Submissions
- 0
I make stuff secure and my stuff runs on billions of things. I also make stuff go fast. All sorts of stuff, some of has wheels and some of which runs on computers. I also like making small stuff. Lots of stuff. Stuffy stuff.
[Disclaimer: I work for AgileBits. I also started the #slack-murderer hashtag inside :slack: before we switched over. My opinions are my own. Just ask anyone at AG!] "Slack is heroin" is pretty accurate. Instant…
No, it's pretty spot-on. People try to divide security vulnerabilities into "super-obviously-bad" and "no one will ever find / exploit / do much of anything with it." The problem is that rather often little holes can be…
The problem is that quite often security professionals say "No", provide reasons, and the person doing the asking insists that convenience is more important than security. My favorite story of all time, which I'll share…
Except that you can attack stored encryption secrets either off-line, or with the same privileges as the user. If they are hard-coded in the binary, they can be extracted off-line by another use with the same binary. If…
But even if they could, UNIX domain sockets aren't immune to attacks. That sort of the problem with "First, assume your machine has been pwn'd".
Not necessarily. Malware only requires privilege if it is violating a security policy. There are a variety of attacks in which a process executing as a user is able to access resources controlled by other processes…
Correct - Least Privilege says you do the absolute least you need to do in order to make things work, so that any errors are limited to that one part of the system. What's been done here by Wireshark isn't least…