This month we’re ready to release our first major Canary Console overhaul. We’ve obviously pushed updates to Canary and the Console weekly for almost 5 years, but this is the first time we’ve dramatically reworked the Console. Contrary to a bunch of other products, we don’t want to be your single pane of glass, and we work really hard to make sure that most customers never have to spend time in their Console at all. But our beefed-up Console offers …
Blog Posts
INTRODUCTION: Continually refining our security operations is part and parcel of what we do at Thinkst Canary to stay current with attacker behaviours. We’ve previously written about how we think about product security (where we referenced earlier pieces on custom nginx allow-listing, sandboxing, or our fleet-wide auditd monitoring). Recently we examined our exposure to API key leakage, and the results were unexpected. THIRD PARTY API KEYs: Like most companies, we use a handful of third-party providers for ancillary services. And, …
A decade ago, Steve Jobs sat down at the D8 conference for an interview with Kara Swisher and Walt Mossberg. What followed was a masterclass in both company and product management. The whole interview is worth watching, but I thought there were a few segments that stood out. Caveat: Any time someone talks about a tech-titan, there’s reflexive blowback from parts of the tech community: “He wasn’t really an engineer”, “He wasn’t really…” – This post will ignore all of that. …
aka: Small things done well. We spend a lot of time sweating the details when we build Canary. From our user flows to our dialogues, we try hard to make sure that there are very few opportunities for users to be stuck or confused. We also never add features just because they sound cool. Do you “explode malware”? No. Export to STYX? No. Darknet AI IOCs? No. No. No. Vendors add rafts of “check-list-development” features as a crutch. They hope that …
Introduction: This is part 2 in a series of posts on our 2015 BlackHat talk, and covers our Canarytokens work. You’ll be familiar with web bugs, the transparent images which track when someone opens an email. They work by embedding a unique URL in a page’s image tag, and monitoring incoming GET requests. Imagine doing that, but for file reads, database queries, process executions, patterns in log files, Bitcoin transactions or even LinkedIn profile views. Canarytokens does all this and …
In March we moved from Groove to Zendesk – with this migration our Knowledge Base (KB) moved also. The challenge we faced was name-spacing – KB articles hosted on Groove were in the name-space http://help.canary.tools/knowledge_base/topics/, but the namespace /knowledge* is reserved on Zendesk and is not available for our use. This forced us to migrate all KB pages to new URLs and update the cross-references between articles. This addressed the user experience when one lands at our KB portal by …
InfoSec superstar (and long-time Canary fan) theGrugq recently mused on Twitter about generating alerts when certain binaries are run on your hosts. We definitely think it has its uses, and we figured it would be worth discussing a quick way to make this happen (using the existing http://canarytokens.org). TL;DR: You can pass arbitrary data to a web-token, allowing you to use it as a reliable, generic alerter of sorts. We often refer to our Web and DNS Canarytokens as our …
tl;dr: If you are looking to 3D-print face-shield frames for emergency services, but have a print-bed that’s too small, here is an STL that should allow for the same result (with a modular frame). Download: RSA_FACE_SHIELD_MULTI. For convenience, you can 3D-print these clips, which seem to work for it too. Download: MAKER_CLIPS. Longer: Last week we saw a tweet from Lize Hartley that they were printing protective shields and handing them out to emergency services. We 3D-printed these frames for shields …
In our previous post (Are Canaries Secure?) we showed (some of) the steps we’ve taken to harden Canary and limit the blast radius from a potential Canary compromise. Colloquially, that post aimed to answer the question: “are Canaries Secure?” This post aims at another question that pops up periodically: “If I run your Canaries on my network, can you use them to hack me?” This answer is a little more complicated than the first, as there is some nuance. (Because …
What a question. In an industry frequently criticised for confusing security software with secure software, and where security software is ranked poorly against other software segments, it’s no surprise we periodically hear this question when talking to potential customers. We figured we’d write a quick blog post with our thoughts on it. We absolutely love the thought of this question coming up. Far too many people have been far too trusting of security products, which is how we end up …