HackerTrans
TopNewTrendsCommentsPastAskShowJobs

mh_

no profile record

Submissions

It's our birthday – so we built everyone this retro game

canary.tools
1 points·by mh_·10 miesięcy temu·4 comments

Caring

blog.thinkst.com
1 points·by mh_·w zeszłym roku·0 comments

Vendor Booths don't have to suck (and why your startup should reconsider them)

blog.thinkst.com
1 points·by mh_·2 lata temu·0 comments

Hacking as a pathway to building better Products

blog.thinkst.com
3 points·by mh_·2 lata temu·0 comments

Unfashionably secure: why we use isolated VMs

blog.thinkst.com
305 points·by mh_·2 lata temu·243 comments

Wrong on the Internet

twitter.com
1 points·by mh_·2 lata temu·0 comments

Be careful of the examples you use. They stick

blog.thinkst.com
199 points·by mh_·3 lata temu·128 comments

Seasonal themes, delighting users and small UX touches

blog.thinkst.com
1 points·by mh_·4 lata temu·0 comments

Is Elon Beyond Reproach?

twitter.com
22 points·by mh_·4 lata temu·34 comments

Always Be Hacking

blog.thinkst.com
2 points·by mh_·4 lata temu·0 comments

Apples AT&T demo was a good example of pg's “relentlessly resourceful”

blog.thinkst.com
2 points·by mh_·4 lata temu·2 comments

Ask HN: Will referral codes cheapen honest referrals?

1 points·by mh_·4 lata temu·2 comments

Building WireGate: A WireGuard front to detect compromised keys

blog.thinkst.com
8 points·by mh_·5 lat temu·0 comments

Use a fake kubeconfig file to detect attackers

blog.thinkst.com
1 points·by mh_·5 lat temu·0 comments

Using a SQL Injection attack to detect attackers

blog.thinkst.com
1 points·by mh_·5 lat temu·0 comments

Good attacks make good detections make good attacks (a MySQL booby-trap)

blog.thinkst.com
1 points·by mh_·5 lat temu·2 comments

comments

mh_
·10 miesięcy temu·discuss
We build tools (commercial: https://canary.tools) and free (https://canarytokens.org | https://opencanary.org) that help slowdown/detect attackers.

It supports normal(ish) pacman-like activity, except some of the dots you consume might be canaries, which will slow you down/likely lead to you being detected/caught.
mh_
·10 miesięcy temu·discuss
It’s our birthday - so we built everyone this retro game.

(Complete all levels, and we will send you a special 10-year edition t-shirt)
mh_
·3 lata temu·discuss
Heh. "You can totally put in any value here, as long as its exactly this one"
mh_
·4 lata temu·discuss
You totally can?
mh_
·4 lata temu·discuss
Ouch. I’m super curious why you found it such a waste. I found it super interesting (I guess for all the reasons in the post)
mh_
·4 lata temu·discuss
I wrote this about 13 years ago (a little tongue in cheek) but it held up:

https://sensepost.com/blog/2009/twitter-killed-the-infosec-b...

-snip- There’s something liberating about saying “here’s a link”, as opposed to taking the time to formulate your thoughts into a full blown posting.

We were curious if this twitter-effect was real, imaginary or only applicable to lazy people like us.. Thanks to python-twitter and a few lines of script we can look at the the blogging habits of some info-sec superstars (and maybe confuse correlation and causation to jump to conclusions while we at it). -snip-
mh_
·4 lata temu·discuss
We are already pretty ok at gifting back (our hoodies/gifts have a pretty good rep).

I kinda default to “don’t mess with it” but sometimes wish we could do more to say thanks.
mh_
·5 lat temu·discuss
You can wave the encoding away (with a tick-box) but in general, people over-estimate what attackers will "notice". In cases like this, many are as desperate to get the loot as users are when they get phished. dialogue boxes and browser warning fade into the background as they hit "accept" to move closer to their goal.