A very readable history of the early US hacking scene, including the roots of Def Con and Blackhat security conferences. The book is filled with a cast of characters many of whose names and exploits I recognize — although I’ve only met one or two in person. The book is definitely US-centric in it’s coverage…
Tag: security
Malware Analyst’s Cookbook and DVD
Another technical book, this time because my employer lets me buy random technical books as long as I pinky swear to read them and this one sounded interesting and got good reviews. First off, the book is a bit dated given its from 2011 — there are lots of references to Ubuntu 10.10 for example…
The BeyondCorp papers
Google’s BeyondCorp effort would probably be what we would now call Zero Trust, although I am surprised by how little name recognition BeyondCorp has when I talk to security people about Zero Trust. Perhaps there are subtle differences between the two, but if there are they aren’t obvious to me. I find myself reading the…
Cisco CyberOps Associate: Official Cert Guide
I don’t think I’ve really reviewed a technical book here before, but I read the thing so I guess I should. This book is the certification guide for a “Cisco CyberOps Associate” certification, which is what they now call the CCNA Security qualification. Its a relatively junior certification, qualifying you to be a level one…
Learning from the mistakes that even big projects make
The following is a blog post version of a talk presented at pyconau 2018. Slides for the presentation can be found here (as Microsoft powerpoint, or as PDF), and a video of the talk (thanks NextDayVideo!) is below: OpenStack is an orchestration system for setting up virtual machines and associated other virtual resources such as…
Adding oslo privsep to a new project, a worked example
You’ve decided that using sudo to run command lines as root is lame and that it is time to step up and do things properly. How do you do that? Well, here’s a simple guide to adding oslo privsep to your project!
How to make a privileged call with oslo privsep
Once you’ve added oslo privsep to your project, how do you make a privileged call? Its actually really easy to do. In this post I will assume you already have privsep running for your project, which at the time of writing limits you to OpenStack Nova in the OpenStack universe.
What US address should I give?
Many of the US forms you will have to fill out when you move will ask for an address. Use your work address until you have a permanent place. A good example is opening your first bank account. The only possible problem with using your work address for your bank account is that some people…
Collisions in MD5 sums
This is kind of a big deal. Cryptographic has functions are used in a lot of computer science circles to take a large document and turn it into a relatively small description of the document. The transformation has a couple of interesting properties: It’s one way — which means that I can know that I…