magoo - Network

I wrote about how detection engineering should be prioritized in a security program. Feedback and discussion...

I wrote about how detection engineering should be prioritized in a security program. Feedback and discussion welcome!

https://medium.com/starting-up-security/prioritizing-detection-engineering-b60b46d55051

Vulnerability Management: You should know about...

Vulnerability Management: You should know about EPSS

https://medium.com/starting-up-security/vulnerability-management-you-should-know-about-epss-99cd27a7d591

Writing about risk because I haven't written in a while. Here's "Beyond Controls: The Power of Risk Scenarios"It's...

Writing about risk because I haven't written in a while.

Here's "Beyond Controls: The Power of Risk Scenarios"

It's some stuff about boosting "scenario" usage in everyday security work.

https://magoo.medium.com/beyond-controls-the-power-of-risk-scenarios-218b9acc93f8

Wrote about risk communication: Talking about risk with thresholds. Feedback welcome,...

Wrote about risk communication: Talking about risk with thresholds.

Feedback welcome, thanks!

https://magoo.medium.com/talking-about-risk-with-thresholds-61011be2898f

So in late November, a panel of 26 of us ended up forecasting a 76% chance that Twitter would have an outage by Jan 30, which happened....

So in late November, a panel of 26 of us ended up forecasting a 76% chance that Twitter would have an outage by Jan 30, which happened. Wrote about it here: https://magoo.github.io/risk-measurement/blog/forecasting-a-twitter-outage/

Condition #1 easily passed - several newspapers of record called it a widespread outage.
Condition #2 passes, though, DownDetector being the "measurement" that the newspapers cited just barely passes the rules as written.
Condition #3 was easy - could not read or write tweets.

The rules were written to capture a real gnarly outage, and this one sorta squeaked by right over the bar.

In the future, we might be able to use panels like this for more objective measurements of downtime: https://deadbird.singlepane.io/d/hI9vrUO4k/home?orgId=4&refresh=30s

Thanks to all the 🍕 panelists who participated!

CircleCI breach retrospective w/ IOCs and TTPsQuick TLDR: 1. Malware on eng laptop2. Stole active SSO session for a remote session4....

CircleCI breach retrospective w/ IOCs and TTPs

Quick TLDR:

1. Malware on eng laptop
2. Stole active SSO session for a remote session
4. Generated production access tokens
5. Exfil'd customer ENVs, tokens, keys.
6. CircleCI encryption keys exfil'd too.

https://circleci.com/blog/jan-4-2023-incident-report/

https://twitter.com/badthingsdaily/status/836984397819596800?s=46&t=q_r6Az5bsCeaI74Rz7rlJg

https://twitter.com/badthingsdaily/status/836984397819596800?s=46&t=q_r6Az5bsCeaI74Rz7rlJg

Circle CI compromised. Yes, it’s exactly like the tabletop scenario. Rotate secrets...

Circle CI compromised.

Yes, it’s exactly like the tabletop scenario. Rotate secrets immediately.

https://circleci.com/blog/january-4-2023-security-alert/?utm_campaign=Incident+Storytelling&utm_content=security-alert%2C4jan2023&utm_dest=blog&utm_medium=soc&utm_source=twitter

Do you find @badthingsdaily useful?Is it funny? Inspiring? Does it prompt risk conversations at work? Tell me how you use it, I want to...

Do you find @badthingsdaily useful?

Is it funny? Inspiring? Does it prompt risk conversations at work? Tell me how you use it, I want to know!

I'm thinking about moving it to Mastodon in the new year and want some feedback on what you like about it.

https://twitter.com/badthingsdaily

I wrote a comprehensive retrospective on the events at Uber leading to USA v. Sullivan. Regardless of your opinions of guilt, this should...

I wrote a comprehensive retrospective on the events at Uber leading to USA v. Sullivan. Regardless of your opinions of guilt, this should help give you some perspective and context into the incident response process that led to the case.

https://magoo.medium.com/a-blameless-post-mortem-of-usa-v-joseph-sullivan-a137162f7fc9

Happy to take corrections or feedback throughout the day. Thanks, I hope it's useful for you.

OK mastodon!Lots of speculation about an inevitable severe Twitter outage everywhere.So, what % odds would you put on one happening at...

OK mastodon!

Lots of speculation about an inevitable severe Twitter outage everywhere.

So, what % odds would you put on one happening at Twitter between now and January 30?

That's what myself and 25 others sought to gather over the weekend. The panel we put together forecasted a 72.8% belief it would happen. A chart with the spread of forecasts is attached.

We made the bar to define "severe outage" pretty high and would need to include all of the following caveats (attached in pic, or in link).

We'll track and judge the forecast here: https://magoo.github.io/risk-measurement/blog/forecasting-a-twitter-outage/

We'll see how wrong we are in January! 🎉

A group of us are organizing a forecast about Twitter stability with a closing date of tomorrow night.If you have any thoughts or opinions...

A group of us are organizing a forecast about Twitter stability with a closing date of tomorrow night.

If you have any thoughts or opinions on whether Twitter will suffer a severe outage between now and Jan30, please share them with us!

Analysis of Eli Lilley Stock impact after the recent Twitter impersonation...

Analysis of Eli Lilley Stock impact after the recent Twitter impersonation
https://medium.com/@mrichard91/do-fake-accounts-on-twitter-affect-stock-prices-3ca440e562bd

This reuters exclusive on FTX smells maybe like a breach of internal tooling, or some other situations. If so, exfil is happening as I...

This reuters exclusive on FTX smells maybe like a breach of internal tooling, or some other situations. If so, exfil is happening as I type.

Maybe:

- An insider who believes they're a creditor, securing funds
- Poorly communicated insider consolidating funds away from wallet infrastructure and into custody before bankruptcy proceedings.
- Struggle between attacker / custodial movements

Funds are consolidating on a multisig wallet as I type, which is uncommon and weird if this is a theft, but I guess not impossible?

Whole thing is strange.

https://www.reuters.com/markets/currencies/exclusive-least-1-billion-client-funds-missing-failed-crypto-firm-ftx-sources-2022-11-12/

https://twitter.com/The_C_Hewitt/status/1591295053581860864

Since I'm new here, here's some stuff about me. I was previously a Director of Security at Facebook and Coinbase.My background is...

Since I'm new here, here's some stuff about me.

I was previously a Director of Security at Facebook and Coinbase.

My background is mostly around incident response, product security & integrity, and some other research areas. Today, I do a bunch of solo consulting and advisory work and am happy with it.

I'm currently proud of my writing on Starting Up Security (https://scrty.io). I've spent an enormous amount of time putting it together and it's free. Maybe you'll find it useful.

I know that a lot of us suddenly get thrown into a broad leadership role from a technical one (that's what happened to me too) and it can be a lot to figure out.

Starting Up Security benefits from feedback and I modify essays when good points are made. Please comment, DM me any thoughts, or submit something anonymously here:
https://docs.google.com/forms/d/e/1FAIpQLSduhzKVXvdwPiMJoY9ZScIxma27KMaPVnLdxJHssLb43Om-2Q/viewform

👍

Well, let's see how this goes I guess! Are any of you using private Mastodon servers and finding that more useful than keeping your...

Well, let's see how this goes I guess! Are any of you using private Mastodon servers and finding that more useful than keeping your identity on this one?