As an engineer, I ❤️ clever engineering. Ruby on Rails relies on signed sessions (AES GCM). They are secure, but there is a catch: you cannot invalidate them early. You have to wait for expiry. Workarounds exist, like caching sessions you want to kill, but nothing universal.

Articles worth reading discovered last week: 🧠 https://t.co/kksAYewMLg 🤖 https://t.co/1DwIn3xxwX 🧱 https://t.co/fVqeXL4u9l 🕵️‍♂️ https://t.co/TMsDH6gnLE 💥 https://t.co/avk8jOb3gJ 📜

Heading to @CHCon_nz next week! Come say hi at the @PentesterLab booth 👋 First people with an active PentesterLab sub get a free t-shirt 🎁 First in, first served!

You’re not the customer, you’re the data stream. Every “free” message, file, and login you create is a micro-investment, just not in your own business. It’s funding someone else’s data vault.

Anyone knows what the end goal is with those? @GitHubSecurity

The TIOBE Index is a psy-op operation from Python lovers. 🐍

I had a great time at BSides Perth this week-end! My talk went well, people even laughed at some of my jokes, and the entire room unanimously agreed that Ruby is the best programming language. What a success!

https://t.co/MmfAoTIcGD We are live!

Imagine if knuth chose 1 BTC instead of $2.56

TIL: you can get a CVE if an application accepts passwords that are too long... https://t.co/qPdnLctTg9 (in before, I know about bcrypt truncation)

Here is a great platform you can learn & practice "All ABout Bug Bounty From Recon To Exploitation" https://t.co/N27mYwh0yO #Bug_Bounty

📝 Effective Note-Keeping for Web Security Code Reviews Blog: https://t.co/37f3azi439 author: @snyff #infosec

In 2003 I learned through the research of Damasio that there is no such thing as a decision made without emotion. Amazes me how many people still say "control the emotion" - a logical fallacy. In 2008, I learned that the brain is a prediction machine. In 2015 , I learned that

Wanna up your Go secure code review game? Spot timing attacks, ZIP slip, hard-coded secrets & weak randomness! All with code examples. 🔐 Read: https://t.co/yKhTO5L2t0 #AppSec #Go #Cybersecurity

@0xMstar OSCP first, but then I’d go for CWEE instead (Gold Annual from HTB). If you want specific appsec - https://t.co/DaEldybakp for code review, and n-day/research @steventseeley ‘s full Stack course (he wrote the OG modern OSWE course material from memory)

Most Important Subdomains - development - test - production You might encounter applications that companies shouldn't open to the internet. If you're lucky, you could make big profits. Thanks legend @snyff #EthicalHacking #BugBounty

https://t.co/0SWajNAoza

Food $400 Data $100 Rent $850 H100 $36,000 Utility $150 Can someone who is good with money help me budget this? My family is dying.

Also from white-hat Louis:

White-hat louis strikes again:

Wait vercel is a website thingy? I thought it was an insult for frontend devs like incel

In @FortuneMagazine’s latest robotics commentary, OpenMind Founder @JanLiphardt explores a key question: "How do you trust a robot you've never met?" Only through transparent, enforceable, and human-first standards can we truly build trust with robots. (Full Article Below)

As one of my teachers used to say: eval() is evil...

Speaking at @BSidesPer soon (Only there on Sunday but I'm bringing swag). I’ll present the same talk (slightly different forms) at @kawaiiconNZ and Hack The Hills! The main idea: Most people don’t look at the actual code changes when a CVE drops.