Minimum privilege

A while ago, when I was young, I liked to accrue access. This was back in the days. I was one of the old timers. My badge opened every door. I had most of the root passwords. I could do anything — because...

CurrentC: Fail!

I was writing yesterday about my initial experiences with Apple Pay. On the tail of that, I learned on Thursday or Friday that there’s a bunch of NFC-compatible terminals that are being turned off by various merchants...

Amazon Security

A quick one today… Amazon is serious about security. We really are. To the point where we have a three-day security conference just for us. Security is what Amazon is built on. Between the retail storefront and our AWS...

Protocol – Riff

I was looking at XKCD’s Wednesday comic and I had a good laugh. I was working on a project at Amazon around 8 months ago and I had made a funny (to me) bit of a slide for a report. The XKCD: Mine (with tons...

Security and Guessability

I ran into an interesting (though quite obvious) vulnerability in a site that I was looking at today. The idea is that you buy access to a file and then you go ahead and download it. No problem — in fact it’s a...

Thinking like a hacker

A friend of mine just had his house finished and the keys got handed over. Exciting! Awesome! It’s post-to-Facebook exciting!! Up until you realize that the key is the physical artifact that gives you access to the inside...

