I’ve sometimes bumped into people who bemoan their broken company cultures with varying degrees of self-awareness. Around 2007, a then-customer heard we were heading to Vegas to speak at BlackHat and said: “You guys are so lucky.. my company won’t let us go to anything like that.” At the time I bristled. We worked for months on that research, dedicating many nights and burnt family time before we could stand up and talk. For sure our company celebrated those wins, …
Blog Posts
SaveMyVid was created during our 2018 HackWeek. Its goals are simple. I want to be able to tag/submit videos for watching, and then want them reliably stored somewhere (ideally on my iPad). Usage: Once you have an account on savemyvid.net, you are given an email address (like savemyvid+d1cf..@savemyvid.net) and a URL which is your personal podcast (like: http://d1cfc…savemyvid.net/podcast/output.rss). When you see a tweet with a video you want, or come across some video you are interested in, simply forward the …
Two weeks ago we ran the second edition of our internal HackWeek, and it was fantastic. Last year’s event was great fun and produced projects we still use; going into this year’s HackWeek we anticipated a leveling up, and weren’t disappointed. We figured we’d talk a little bit about the week, and discuss some of the “hacks”. Our HackWeek parameters are simple: We down tools on all but the most essential work (primarily anything customer-facing) and instead scope and build something. …
Dan Geer famously declared that security is “the absence of unmitigatable surprise”. He said it while discussing how dependence is the root source of risk, where increasing system dependencies change the nature of surprises that emanate from composed systems. Recently, two of our servers “surprised” us due to an unexpected dependence, and we thought this incident was worth talking about. (We also discuss how to mitigate such surprises going forward). Background: Every Canary deployment is made up of at least two …
aka: You know it’s supposed to hurt, you just don’t know which kind of hurt is the good kind. One of the common problems when people start lifting weights (or doing CrossFit) is that they inadvertently overdo it. Why don’t they stop when it hurts? Because everyone knows it’s supposed to hurt. Hypertrophy is the goal, so the pain is part of the deal… right? Pain, Guaranteed: In an old interview on the rise of Twitter, Ev Williams said something …
Moving backward is a feature too! We go through a lot of pain to make sure that Canary deployments are quick and painless. It’s worth remembering that even though the deployment happened in minutes, a bunch of stuff has happened in the background. (Your bird created a crypto key-pair, exchanged the public key with your console, and registered itself as one of your birds). From that point on, all communication between your bird and your console is encrypted (with a …
As a company, we are pretty huge fans of Open Source software. We use FLOSS extensively in our production stack and we make sure to give back where we can. One of the ways we do this is by making our Canarytokens & OpenCanary projects open source and free to download. People needing Canarytokens can use the free hosted instance we run at Canarytokens.org, or they are free to download the docker images to run on their own networks. Literally …
One of the things that surprises new Canary customers is that we don’t try particularly hard to keep customers looking at their consoles. (In fact, an early design goal for Canary was to make sure that our users didn’t spend much time using our console at all). We make sure that the console is pretty and functional, but we aren’t trying to become a customer’s “one pane of glass”. We want the Canaries deployed and then strive to get …
Last month we downed tools for a week as we hosted a private, on-site version of the well-regarded “ARM Exploit Laboratory” (by Saumil Shah). The class is billed as “a practical hands-on approach to exploit development on ARM based systems” and Saumil is world-respected, delivering versions of the class at conferences like 44con, Recon and Blackhat for years. It.absolutely.delivered! With a quick refresher on ARM assembly and system programming on day-1, by day-2 everyone in the class was fairly …
Security vendors have a mediocre track record in keeping their own applications and infrastructure safe. As a security product company, we need to make sure that we don’t get compromised. But we also need to plan for the horrible event that a customer console is compromised, at which point the goal is to quickly detect the breach. This post talks about how we use Linux’s Audit System (LAS) along with ELK (Elasticsearch, Logstash, and Kibana) to help us achieve this …