TL;DR Our credit card Canarytokens are out of beta and flying to your consoles! We love these tokens because they provide a novel way to alert on a strong signal of badness. They also perfectly embody our concept of conspicuous deception. Conspicuous deception is our take that simply knowing that a credit card could be a Canarytoken adds risk to the process of stealing, selling, testing, and committing fraud on all cards. Now, fraudsters have to worry that testing or …
Year: 2024
Cheap tchotchkes, pushy salespeople and silly gimmicks. Vendor booths are often considered horrible wastes of time (and money). But we think they are great and keep recommending them to friends. It’s not because we throw money around either. We never raised capital, so even though we crossed $19m in ARR last year, we still watch our marketing spend judiciously. We don’t do airport ads and we don’t pay fancy analyst firms. (In fact, we still don’t do any outbound sales). …
Most security products are terrible. For years our industry has managed to get by because our products were mandated by someone or some regulation, and users were trained to accept that security and usability were necessary trade-offs. This was just the prevailing truth. One of the reasons we always promote hacker-led companies is because hackers delight in challenging accepted truths. We think this applies as much to product design as it does to smashing the stack. In a few months, …
In 2019, we created (and wrote about) our Skyball pyramid – a cute way to stack the super-bouncy balls we give away at conferences. This year we took it up a notch (thanks to Andrew bringing out SCR2!). Like the previous version, we can now make arbitrarily sized pyramids (which also allows us to shrink the base as we start to run out of balls). More importantly though… Moar Birds! It’s tiny, but it’s one of those things we love. …
This is a short post describing how to debug Flask apps with the ever-useful rpdb, along with a few gotchas to be careful of. Our workhorse web backend is Flask+uWSGI, running on standalone EC2 instances. At the same time we rely on Twisted for several backend services. On occasion a Thinkster might need to debug one of these services on one of the EC2 instances. Due to our instance isolation strategy, it’s tricky to get fancy remote debugging running, such …
If you’ve gotten a gift from us in the past few years, it would have shown up in a bag like this one: Here’s the story behind that bag…

Carrying Our Values With Us

One of our core Thinkst values is to “do well by doing good” (we actually have 4 of them). We donate to Open Source projects we use. We offer no-strings-attached bursaries to South African tertiary students. We support local charities who protect, uplift, and believe in …
We’re happy to announce the newest member of the Canarytokens family: the Fake App Canarytoken. We’ve previously asked the question Would you know if your phone was hacked? and offered the Wireguard Canarytoken as a safeguard against it. But, as we install more apps on our phones, the attack surface (and incentive) for attackers continues to increase. From journalists having their field notes read, to CEOs and presidents having their phones hacked, or the more prevalent scourge of intimate partner violence, more and …
We’ve just released an update that allows VMware birds to be pre-configured. This allows customers to deploy them trivially at scale. Our KB article explains how to make use of it, but this post goes deeper under the hood to explore how we made it happen.

Automatically Configuring Linux VMs

The de facto standard for configuring or customising Cloud virtual machines (e.g. at AWS, GCP, Azure, etc) is cloud-init. Cloud-init works by reading configuration data from datasources outside the VM, …
Every August, 1000s of people from all over the world consciously decide to brave the balmy 40C/100F+ desert to learn, share, and socialize at the trifecta of Hacker conferences, lovingly referred to as the “Hacker Summer Camp”. Whereas Black Hat and DEF CON attendees have been making the sojourn for decades, 2024 marks the 13th year since BSides Las Vegas was added to the mix. With such an overwhelming buffet of content, we thought it might help to share the …
We’ve previously discussed how Canarytokens can detect when your website has been cloned and used in phishing campaigns. We also released an Azure Entra ID Login token that can be used to detect this activity on your tenant’s Entra ID Login page. Today, we’re taking that concept a step further by introducing an automated response pipeline that detects phishing attempts, correlates which of your users fell victim to the attack and takes immediate action to minimise the impact of the …