I long for the future where I can safely assume my passwords are stolen
The security professional in myself wants to believe that recent Living Social breach is teaching us all one…
Jen Andre
Jen wrangles things @ https://www.threatstack.com. Twitter: @fun_cuddles
I. M. H. O.Jen AndreApr 28, 2013
Hackers or Engineers?
who to hire for your startup, and why
I’m going to to talk about two archetypes I’ve observed over my career as a developer, the Hacker (the programmer kind, not the software breaking kind) and the Engineer.
How to Spot a Hacker
Hackers get shit done, and fast. It may not be the most elegant or scalable…
Docker breakout exploit analysis
a summary and line by line overview
Recently, an interesting Docker exploit was posted (http://stealth.openwall.net/xSports/shocker.c) that demonstrates an information leak where a Docker container can access some privileged filesystem data where it shouldn’t. As I was just discussing the relative merits of using Docker, and how…
Startups, Security, and Noble Vision
I sent an email out to @all at Threat Stack, and I thought it would be worth cleaning up to post here…
“Noble Vision”
I heard a CEO mention this concept during a Tech Stars talk then ran into it again reading some awesome articles on Harvard Business Review (e.g. http://blogs.hbr.org/2014/05/managing-a-negative-out…
On the other side of a booth
This article was inspired as a reaction to this WAPO article: http://www.washingtonpost.com/blogs/the-switch/wp/2014/02/27/heres-what-its-like-to-be-a-booth-babe-at-cybersecuritys-biggest-conference/?tid=pm_business_pop
You think it’s frustrating to be a booth babe? You know nothing, Washington Post.
free startup ideas for technical cofounders
#1: solve micropayments for content
This is likely the first in a series of thoughts I have for startup ideas. I am, in many cases, not a subject-matter-expert, and am talking out of my ass. Is the idea valuable? Maybe. But it’s all about the execution.
You know what is annoying? Watching ads or…
Is reading code like reading music?
yes and no
I’m not talking about sight-reading
Sight-reading is not at all like reading code. By sight-reading, I mean the ability to look at a score and perform it on-demand. Sight reading is largely a factor of how much time you have practiced at recognizing patterns, it is a linear process from ‘a’ to ‘b’ and…
Recommended by Jen Andre
Opening files in Node.js considered harmful
TLDR: https://github.com/joyent/node/issues/6905, fixed in libuv v0.11 branch
I found a bug that I thought was interesting since it is in a ‘mature’ platform (Node.js) and a potential major security vulnerability and resource leak.
At my job, we written an agent component that consists of a Node.js…
“Yt? Seeing something odd in the logs…”
A tale of a suspicious Linux process (with a dash of dog food thrown in)
Cloud Security is not a binary question
If you think Rick Spickelmier is correct, you’re dead wrong.
I. M. H. O.Jen AndreAug 4, 2013
GitHub and my open source life
I really like GitHub. Who doesn’t? Like many programmers, I will grumble about little things (ahem, how their latest redesign shoved the clone URL into a tiny box in the right hand corner that ALWAYS masks the URL), but overall, I am pleased as punch with how easy it is to manage my Git repositories.