For the record, I pointed out this issue to the Amazon S3 team in 2006. They recommended keeping my S3 bucket names secret.

Last night a blog post showed that AWS charges for access denieds on S3 buckets, resulting in one person being charged over $1300 for 100M requests against a private S3 bucket in one day. I believe the only solution is for AWS to change their pricing.🧵1/6 medium.com/@maciej.pocwie…

Breaking: IBM/Red Hat to announce a merger of Terraform and Ansible named, wait for it, Terrible 🥳.

been there done that!

ChatGPT and its ilk are making people worse at writing, in a more insidious way than social media or text messaging ever did.

Woah Daniel, how can that be true? What you've heard and seen is that LLMs lift the base capability of a below-average knowledge worker. However, I'm…

MITRE ATT&CK is astrology for security nerds.

I am over the fscking moon about this:

elastic.co/de/blog/elasti…

This is absolutely awesome!

This is awesome!

Strap in, we's going on a ride, a static analysis ride. I recently came across this paper, which looked at a wide variety of SAST tools against a number of Java apps.

Java being the choice of enterprise, and often not the best Java approaches out there, so it's a good choice

whoops! '... we realize such performance is actually no better than a random guess ...'

I’m looking forward to Device Bound Session Cookies which would have a meaningful impact on the online security of billions of people. blog.chromium.org/2024/04/fighti…

Gordon Ramsay Kitchen Nightmares but for (startups / cloud cost).

Using Python tooling is like flying a Boeing

Our latest research looked at what really matters to #productsecurity teams in Software Composition Analysis ( #supplychainsecurity ) - comparing 3 popular tools. Which is best for you? Read the post! blog.doyensec.com/2024/03/14/sup…
#doyensec #security #dependabot #snyk #semgrep #infosec

Awesome paper about Linux offensive/defensive eBPF internals. Make no mistake, the future of advanced Linux attacks, container escapes and rootkits is eBPF. Importantly, all Linux EDRs are also based on eBPF ^^ double-edged sword as I mentioned in the past usenix.org/system/files/u…

When your cybersecurity team makes you use a different password for every site.

Tyler Hudak spencer

Fun fact: if you spend $1M/year with DataDog they let you pet the dog

I am *extremely* happy to report that Elastic has filed a ticket to donate the universal profiling agent (the multi-runtime frictionless eBPF profiler formerly known as prodfiler) as project to OpenTelemetry. This is of course still pending TC review and many other step, but...

One time a SaaS app implemented SSO while still requiring us to manually create all users via the UI. Infuriating !