Internet protector, industry creator, and purveyor of secrets. CEO, Bit Discovery (bitdiscovery.com), Founder of WhiteHat Security, and Black Belt in Jiu-Jitsu.

Boise, ID & Maui, HI
Joined March 2008
Jeremiah Grossman retweeted
Replying to @jeremiahg
Dan Geer used to say (I might not get this quite right)……in the connected world every sociopath is your next door neighbor
In the age of the Internet, everyone and everything is equidistant from the adversary.
I wonder if personal views about Covid correlate with tendencies towards introversion or extroversion.
The pandemic has been going on for so long, I’m going to start referring to 2019 as 1 BC. "Before Covid."
Microsoft now owns all my favorite games. Not sure how I feel about that.
On average, I wonder what percentage of the legal agreements people ‘sign’ are actually read. Think EULAs, NDAs, mortgage & loan agreements, privacy & disclosure policies, various terms of service, and so on. Above 1% ya think?
We’re unable to license “our data” to 3rd-parties because we don’t own it. This is also why it’s all breached. #USPerspective
Jeremiah Grossman retweeted
I rest my excel case #dfir 2022 @CrowdStrike Incident Response Tracker Template xlsx
What is the newly released CrowdStrike Incident Response Tracker? Find out in the @CrowdStrike blog — and download your copy of this digital forensics and incident response (DFIR) community tool today: ⬇️ bit.ly/3HXIrdv
Jeremiah Grossman retweeted
It's been way too long since I had my pal @RSnake on the @DecipherSec podcast, so we remedied that today to talk about his wild new research into NaN injections and other stuff. buzzsprout.com/228511/988233…
Open source doesn’t have a ‘security’ problem per se. What we really have is an attack surface management and patching problem.
Tech Leaders, Federal Officials Seek a Way Forward for Open Source Security decipher.sc/tech-leaders-fed… #decipher #deciphersec
When an open source project fixes a vuln and makes a patch available, it doesn’t mean orgs actually patch or know what systems they have that need it. Sure. Spend a bunch of money improving open source, but it’ll do next to nothing to thwart breaches.
I’ll still agree there is a larger software security problem, but that problem is non-technical. The core problem is more about business incentives.
Hold software vendors legally liable for the products they ship, and the open source ‘problem’ … including its lack of funding… will be solved by the ecosystem.
Of course, exactly zero of the participants invited to the meeting would support such an initiative.
Playing Factorio helps you appreciate the complexity and difficulty of supply chain management.
Way back in the day, playing Ultima Online as a merchant helped me understand the concepts of monetary policy, pricing, and inflation.
Jeremiah Grossman retweeted
Wow @jeremiahg - only took the browser companies 18 years to figure out intranet port scanning + CSRF was a real problem. ;)
Chrome will add a feature this year that will block internet sites from accessing systems on local networks, such as routers, servers, or other internal corporate resources Called Private Network Access, this system will roll out with Chrome 98 and 101 therecord.media/chrome-will-…
Jeremiah Grossman retweeted
18/ "Principles" are what you defend even when they appear to be helping the opposing side. If you only defend principles when needed for your own side, then what you are really fighting for is your side and not principles.
InfoSec stuff people spend money on before investing in asset management.
give this book a title