Jen Andre

Jen writes about security & software stuff. Twitter: @fun_cuddles

I long for the future where I can safely assume my passwords are stolen

The security professional in myself wants to believe that the recent Living Social breach is teaching us all one…

Hackers or Engineers?

who to hire for your startup, and why

I’m going to talk about two archetypes I’ve observed over my career as a developer, the Hacker (the programmer kind, not the software breaking kind) and the Engineer.

How to Spot a Hacker

Hackers get shit done, and fast. It may not be the most elegant or scalable…

Docker breakout exploit analysis 

a summary and line by line overview

Recently, an interesting Docker exploit was posted ( that demonstrates an information leak where a Docker container can access some privileged filesystem data where it shouldn’t. As I was just discussing the relative merits of using Docker, and how…

Startups, Security, and Noble Vision

I sent an email out to @all at Threat Stack, and I thought it would be worth cleaning up to post here…

“Noble Vision”

I heard a CEO mention this concept during a Tech Stars talk then ran into it again reading some awesome articles on Harvard Business Review (e.g.

free startup ideas for technical cofounders

#1: solve micropayments for content

This is likely the first in a series of thoughts I have for startup ideas. I am, in many cases, not a subject-matter-expert, and am talking out of my ass. Is the idea valuable? Maybe. But it’s all about the execution.

You know what is annoying? Watching ads or…

Is reading code like reading music?

yes and no

I’m not talking about sight-reading

Sight-reading is not at all like reading code. By sight-reading, I mean the ability to look at a score and perform it on-demand. Sight-reading is largely a factor of how much time you have practiced at recognizing patterns; it is a linear process from ‘a’ to ‘b’ and…

Opening files in Node.js considered harmful

TLDR:, fixed in libuv v0.11 branch

I found a bug that I thought was interesting since it is in a ‘mature’ platform (Node.js) and a potential major security vulnerability and resource leak.

At my job, we have written an agent component that consists of a Node.js…

“Yt? Seeing something odd in the logs…”

A tale of a suspicious Linux process (with a dash of dog food thrown in)

Cloud Security is not a binary question

If you think Rick Spickelmier is correct, you’re dead wrong.