RT @Magoo: Securing Customer Support:

Ramping up on bluesky 🦋:

RT @cryps1s: I'm thrilled to announce that I've joined as CISO, alongside @embeddedsec, at @OpenAI. Security is germane to OpenAI's missio….

In the wild exploit in Firefox, disclosed and fixed within 25 hours.

My "Starting Up Security" writing correlates to my caffeine intake which has dropped off over the last few years. Today I got tricked into an actual coffee, so drafts are open. Taking any requests, just DM ☕️.

RT @clintgibler: “Detection is a problem I describe as deceptively tractable.”. @Magoo on 🔍 Prioritizing Detection Engineering. Proposed i….

I will be really surprised if these were not sabotaged before delivery somehow.

See:

Malware (!!??!!) may have been the factor in an attack that blew up hundreds of Hezbollah Operatives pagers in an attack.

I wrote about how detection engineering should be prioritized in a security program. Feedback and discussion welcome!.

The boring security management stuff. 🤣 Managing a quarterly security review: . Feedback welcome as usual.

Should CVE-2024-38063 be more widely discussed? . It's a zero click IPv6 RCE (????). Am I just not reading this right?. Normally there's a of panic about ITW exploitation, exposed hosts, and wormability for a vuln like this. I gotta be missing something.

RT @christinacaci: 1/ Thrilled to announce we’ve raised $150mm Series C at a $2.45bn post valuation led by @sequoia alongside our existing….

Offensive work, detection engineering, and compliance are especially common sources of painful imbalances. Easy to argue to include others too. My written commentary has mostly been on negative imbalances, but they can be framed positively too.

In this essay, I suggest a model for security work that tries to wrap around and reduce toil from ops, incidents, and surprises from the business. This is just another way of looking at the overall work created by a security org, becoming efficient.

And elaborated on it further in Starting Up Security. ctrl+f for "Law of the Lever", mostly framed around the areas of building and breaking and how we identify our security work around those concepts.

In my 2017 detection engineering essay I describe it as the "Work Lever" failing, the anti-pattern of generating a bunch of poor detections that crush yourself and everyone around you.

A good read on work imbalances in security orgs, a topic I have touched on often over the years. Adding some things to the discussion from my experiences working with teams. A short 🧵 /1.

So, Dropbox should instruct customers to look for recent API abuse in the time window of the incident, if they haven't already. That may be the only way to discover theft via API, if they explicitly share incident facts to customers impacted.