"The Subtle Art of Not Giving a F*ck"."Everything Is F*cked"."Unfu*k Yourself". Book idea: "Shut the f*ck up." Reject trashy pop sci self help titles.

RT @PwnieAwards: Great news! The Pwnie awards nominations are now open!.

Acid Capital : Shitpost Policy.

"I'm making a massive database of every security bug ever found in software.". "That's a wonderful public service, what information are you including?". "As little as possible!". "Sick!".

Expanding further: The major failure of CVE is the lack of material information contained (or required) within the standard. I can't count the number of times i've had to pivot off platform on a scavenger hunt for a writeup. This can and should be consolidated.

Q: Why is this useful?. A: Hypertaxonimization a la Mitre ATT&CK creates pitfalls where we're chasing order for chaos. Nature is inherently chaotic. If we can catalog that, we can certainly manage it for bugs. A2: Because I like it.

The potential retirement of CVE creates an incredible opportunity for the introduction of a more descriptive and (frankly useful) standard. One thing that would be particularly beautiful would be the implementation of animal kingdom latin naming conventions for bug classes.

I am once again tapping the sign

You're not supposed to talk about it but in the UK computers all use big endian.

RT @ShickDits:

UMN was the hero OSS needed, not the one they wanted.

If both parties need the underlying technology to work safely and securely the cost for a valid cyber attack pattern against it increases exponentially. Requires elaborate key'ing a la XZ. Reduces value of deliberate bugdoors which could be easily flipped.

This is actually a good thing. Neoliberal economic globalism is offensive cyber deterrence strategy. Two countries with Windows XP based nuclear launch controls will never go to war with each other.

Vendor maximalism. Fully randomized attack surface.

The only way to build resiliency is by deploying anti-trust on infosec companies based on their sq footage at black hat conf. Put the entire attack surface in a blender. "Operation gazpacho".

RT @DistrictCon: 🚨The Junkyard Call For Bugs is Open! 🚨We want you to bring your most impactful, creative, or most meme-y bugs in end-of-li….

When Dan Geer said "Hey actually everyone using msoft could be a bad thing" what he meant to say was "if you give everyone the same pager their balls are going to explode at the same time"

RT @__winn: I’m SO stoked to finally announce @DistrictCon - a new DC hacker conference, bringing together hackers across industries to do….