Blog Posts

Something fresh

This month we’re ready to release our first major Canary Console overhaul. We’ve obviously pushed updates to Canary and the Console weekly for almost 5 years but this is the first time we’ve dramatically reworked the Console. Contrary to a bunch of other products, we don’t want to be your single pane of glass, and work really hard to make sure that most customers never have to spend time in their Console at all. But our beefed-up Console offers

Continue Reading

3rd-party API-Key Leaks (and the Broker)

INTRODUCTION Continually refining our security operations is part and parcel of what we do at Thinkst Canary to stay current with attacker behaviours. We’ve previously written about how we think about product security (where we referenced earlier pieces on custom nginx allow-listing, sandboxing, or our fleet-wide auditd monitoring). Recently we examined our exposure to API key leakage, and the results were unexpected. THIRD PARTY API KEYs Like most companies, we use a handful of third-party providers for ancillary services. And,

Continue Reading

A Steve Jobs masterclass (from a decade ago)

A decade ago, Steve Jobs sat down at the D8 conference for an interview with Kara Swisher and Walt Mossberg. What followed was a masterclass in both company and product management. The whole interview is worth watching, but I thought there were a few segments that stood out. Caveat: Any time someone talks about a tech-titan, there’s reflexive blowback from parts of the tech community: “He wasn’t really an engineer”, “He wasn’t really…” – This post will ignore all of that.

Continue Reading

Good UNIX tools

aka: Small things done well. We spend a lot of time sweating the details when we build Canary. From our user flows to our dialogues, we try hard to make sure that there are very few opportunities for users to be stuck or confused. We also never add features just because they sound cool. Do you “explode malware”? No. Export to STYX? No. Darknet AI IOCs? No. No. No. Vendors add rafts of “check-list-development” features as a crutch. They hope that

Continue Reading

– Quick, Free, Detection for the Masses

Introduction This is part 2 in a series of posts on our 2015 BlackHat talk, and covers our Canarytokens work. You’ll be familiar with web bugs, the transparent images which track when someone opens an email. They work by embedding a unique URL in a page’s image tag, and monitoring incoming GET requests. Imagine doing that, but for file reads, database queries, process executions, patterns in log files, Bitcoin transactions or even LinkedIn Profile views. Canarytokens does all this and

Continue Reading

Why control matters

In March we moved from Groove to Zendesk – with this migration our Knowledge Base (KB) moved also. The challenge we faced was name-spacing – KB articles hosted on Groove were in the name-space, but the namespace /knowledge* is reserved on Zendesk and is not available for our use. This forced us to migrate all KB pages to new URLs and update the cross-references between articles. This addressed the user experience when one lands at our KB portal by

Continue Reading

Canarytokens: Token Anything, Anywhere

InfoSec superstar (and long-time Canary fan) theGrugq recently mused on Twitter about generating alerts when certain binaries are run on your hosts. We definitely think it has its uses, and we figured it would be worth discussing a quick way to make this happen (using the existing TL;DR: You can pass arbitrary data to a web-token allowing you to use it as a reliable, generic alerter of sorts. We often refer to our Web and DNS Canarytokens as our

Continue Reading

3D-Printed Emergency Services Face Shields

tl;dr: If you are looking to 3d-print face-shield frames for emergency services, but have a print-bed that’s too small, here is an STL that should allow for the same result (with a modular frame). Download: RSA_FACE_SHIELD_MULTI For convenience, you can 3d-print these clips which seem to work for it too. Download: MAKER_CLIPS Longer: Last week we saw a tweet from Lize Hartley that they were printing protective shields and handing them out to emergency services. We 3D-printed these frames for shields

Continue Reading

If I run your software, can you hack me?

In our previous post (Are Canaries Secure?) we showed (some of) the steps we’ve taken to harden Canary and limit the blast radius from a potential Canary compromise. Colloquially, that post aimed to answer the question: “are Canaries Secure?” This post aims at another question that pops up periodically: “If I run your Canaries on my network, can you use them to hack me?” This answer is a little more complicated than the first, as there is some nuance. (Because

Continue Reading

Are Canaries Secure?

What a question. In an industry frequently criticised for confusing security software with secure software, and where security software is ranked poorly against other software segments, it’s no surprise we periodically hear this question when talking to potential customers. We figured we’d write a quick blog post with our thoughts on it. We absolutely love the thought of this question coming up. Far too many people have been far too trusting of security products, which is how we end up

Continue Reading

Authored with 💚 by Thinkst