New book, romance scams, AI deepfakes... oh my!
Jessica Barker MBE discusses all as she joins Marc Maiffret in this recent beyond trust podcast episode 👇

New Google Chrome Blog: blog.chromium.org/2024/04/fighti…

Windows 11 VBS and TPM defaults are used by Chrome to prevent cookie theft.

'Chrome will use facilities such as Trusted Platform Modules (TPMs) for key protection, which are becoming more commonplace and are required for

Had fun last weekend talking to my podcast co-host James Maud. He attempted to drag Okta honeypot info out of me, almost! beyondtrust.com/podcast/ep-40-…

Oct 2nd we prevented an attack on an Okta account. Forensics led us to believe that the point of entry was actually due to a compromise within Okta's Support environment. Okta has now confirmed that to be the case, other customers affected. beyondtrust.com/blog/entry/okt…

This feature story is a companion piece to news story I wrote last week about how Justice Department/Mandiant/Microsoft actually uncovered the SolarWinds hack 6 months before it got publicly exposed, but didn’t know the significance of what they’d found wired.com/story/solarwin…

I'm in Miami for BeyondTrust Go Beyond!
I am so excited for my Keynote on Wednesday!

NSA is hiring!

m.washingtontimes.com/news/2023/feb/…

SpaceX and our Starlink team will be at DEFCON 30 (DEF CON). Are you attending? If so, come stop by and check out our Starlink hardware at the Radio Frequency Village (@rfhackers)! We'll be there Fri & Sat from 10am - 6pm. See you there!

#defcon30 #starlink #spacex

Had an awesome time chatting with Tanya Janca recently. Try to catch her at one of the many events she has going on at #RSAC this week

If your entire enterprise security model crumbles because a user fell for a phish, that's not the user's fault.

My unsolicited advice to young hackers: don’t get stuck for too long with CTFs, don’t be afraid to move to real-world stuff. It’s more fulfilling and interesting than you think.

Chances are that real-world challenges are even easier than CTFs (for some definitions of “easier”).

Brown Glock haroon meer Halvar Flake Headcount is meaningless because it creates the perverse incentive of wanting to build big teams instead of wanting to build great products.

It's also really discriminatory¹.

__
¹ If we employed hydras or Cerberus or other creatures with multiple heads do they count as 1 or 3?

I’m starting to think that every product org should have at least one senior+ engineer who isn’t beholden to a roadmap and who just goes around making little quality of life improvements everywhere

Was giving a presentation about Stuxnet to students at the National Defense University today when news of the new ICS malware (Pipedream/Incontroller) broke. Full circle moment from when that first ICS malware was discovered in the wild nearly 12 yrs ago and opened Pandora's box

Scott Detrow What do you know, I drove past it, too.

Here's a personal thread.
Marc -Chameleon- Maiffret (Marc Maiffret) is a long time friend. We met on the IRC around 1996 or 1997 I think. He was part of the #Rhino9 group. We all owe a great improvement of Microsoft products to this hackers group.

I was recently interviewed on the Joel Beasley podcast by Joel Beasley. They did their homework, even asked about one of the times I got cursed out on the phone by a leader of Microsoft’s security team. moderncto.io/marc-maiffret/

Mykhailo Fedorov Starlink service is now active in Ukraine. More terminals en route.

Solardiz was a tremendous influence & inspiration for me throughout my work in computers.

I continue to admire him. Read what he tweets.

Sagan and Marshall McLuhan pretty much called it.