collin Profile
collin

@libber

Followers: 2K
Following: 7K
Media: 8
Statuses: 340

Joined September 2007
@libber
collin
2 months
An excellent writeup of what makes data "sensitive" and what that means for security and privacy.
0
0
0
@libber
collin
4 months
The differences between performing privacy and security work in a big company for my fellow computer security people. I'm still newer to privacy work so this is my "most likely to be wrong" writeup, feedback welcome.
0
0
5
@libber
collin
7 months
Compliance is different from security:
1
1
12
@libber
collin
3 years
Thoughts on how to maximize success as an infosec team that needs to roll out changes people may not like.
0
3
22
@libber
collin
3 years
Shift left in 60 seconds - I've had success with shift left as a central strategy of infosec teams for the last n years and attempted a tl;dr of it without marketing fluff.
0
1
11
@libber
collin
3 years
3/ Our goal with these is to celebrate bug hunting and share our lessons with the larger security community. This is our 1st Bug Bulletin and we welcome feedback on how we can make it more useful and informative.
1
0
13
@libber
collin
3 years
2/Our first report includes cool bugs found by our Red Team X, Bug Bounty team and ProdSec. I’m excited to see our teams’ work out there and shared with the security community. I am also happy to see cool work by our #BugBounty researchers shared cc @samm0uda @phwd_.
2
0
16
@libber
collin
3 years
1/ We just published our first Bug Bulletin, the spot where we aim to share cool bugs we found in our own and external code, and how we found them 🧵.
4
80
332
@libber
collin
4 years
More info on hacking ar, vr, vc hardware via our bug bounty program.
0
4
21
@libber
collin
4 years
Infosec celebrated at a college football game, a first? @nudehaberdasher where is the cruise+pitt collab? :).
@DistributedDave
Dave Levin
4 years
So the coolest thing happened today. @UofMaryland invited my students Kevin Bock, Kyle Hurley, and me onto the field for winning the @USENIXSecurity / Facebook Internet Defense Prize!
1
2
14
@libber
collin
4 years
Outages won't stop facebook awarding money to good security work, here are this year's 3 winners of the internet defense prize:
0
3
21
@libber
collin
4 years
RT @GrahamBleaney: I'll be presenting "Teaching an old dog new tricks: Reusing security tools in novel domains" at #Enigma2022 in Santa Cla….
0
1
0
@libber
collin
4 years
Open sourcing our 3rd and most recent homegrown static analysis, this time for mobile/java:
0
13
42
@libber
collin
4 years
Two folks on the Facebook product security team are presenting on our language-spanning security static analysis work. We are always hiring, SEA, MPK, NYC, LON:
0
2
19
@libber
collin
4 years
Be well @dakami, RIP. One of the purest humans I've ever met. You embodied the best of [hacking, curiosity, fellowship]. The vista pentest summer was one of the best of my life. Even as you mercilessly crushed us at streetfighter2 literally one-handed.
@dakami
Dan Kaminsky
6 years
This thread is absolutely a love letter to everything I’ve treasured, being an Infosec nerd. A *lot* of people were kinder than they had to be. I’m proud to say I did everything I knew to return the favor, and not ashamed to admit I didn’t always know how. But I can document :).
0
2
26
@libber
collin
4 years
RT @GrahamBleaney: For those attending @pycon (it's too late to sign up!), check out the talk @the_st0rm and I are giving on the my….
0
7
0
@libber
collin
5 years
A decade of facebook bug bounty. 130,000 reports, 6,900 valid, 11.7million paid out. An incredible team of folks lead this program now - it started in a basement and with us taking weekly trips to western union to send money orders to fulfill bounties.
0
7
42
@libber
collin
5 years
Two improvements to the Facebook bug bounty: HackerPlus, our loyalty program, and Facebook Bug Description Language (FBDL), a way to represent the repro of a bug for ease of understanding and increased payouts.
0
24
100
@libber
collin
5 years
Sometimes we find bugs in code that isn't ours, now (following the p0 playbook) we have a pathway to disclose them
1
6
40
@libber
collin
5 years
Hack an oculus headset, or a portal at pwn2own this year. Win cash, prizes, glory.
Looking forward to this event and our participating with our devices for a 2nd consecutive year! Hack on, #Pwn2Own!.
0
0
6