Blog

  • What We Can Learn from the Capital One Hack


    Earlier this week, it became public that Capital One was the victim of a privacy leak affecting more than 100 million of its customers. News reports revealed details about the source of the attack, which an individual apparently carried out and then bragged about publicly.

    Now, a few days later and with more facts known, the always excellent Krebs on Security blog offers some lessons learned from the incident. It has good statements from Netflix, CloudFlare, DisruptOS and AWS personnel, including quotes about the roles played by IAM, EC2 and the WAF. In particular, it points out the mitigations that AWS recommends against Server-Side Request Forgery (SSRF).

    Interesting is the conclusion Rich Mogull comes to: the industry is facing a major skills gap in this kind of cloud security. Basic skills, and the availability of people who have them, have always been a major gap across the entire industry; with the arrival of cloud they only become scarcer, mostly because corporations maintain both their existing data centers and new cloud infrastructure, missing the opportunity to become more secure in the cloud.

    Source: What We Can Learn from the Capital One Hack

  • Batman has a bad day.

    https://twitter.com/Crashingtv/status/1155527513638133760
    We’ve all been there.

    via.

  • Look, No Hands!


    Black Hat 2019

    Google’s Project Zero drops a handful of zero-day vulnerabilities for the iPhone at Black Hat 2019. Apparently one of them isn’t patched yet. “Interaction-less attack surface” in this context means the bugs are wormable: code executes with no human interaction at all.

    Source: Look, No Hands! — The Remote, Interaction-less Attack Surface of the iPhone

  • Unlock your product organization’s potential by defining “done”

    Simplifying and aligning conversations with a definition of done

    All too often, the task list in your team’s shared project management tool shows items like “Create Workflow” or “Define Process”. Such items resonate well in the flow of work and among the individuals involved, but they fall short of letting the rest of the organization grasp their meaning, and even the reporter loses track of them once some time has passed.

    A few concise statements of what is expected from a story or ticket can do wonders for getting things done. Rather than “defining a workflow”, for example, the product management team would:

    • Check for Duplicate Entries
    • Describe the Requirement
    • Outline all depending products
    • Draw a critical path
    • Align all stakeholders on the critical path
    • Communicate to the team

    The core idea is to eliminate any discussion about when an issue, item or story counts as delivered, using a definition that is the same across functions. Of course, the above serves only as an example; it will vary by team and type of work and needs revision for any particular scenario. Specific, actionable guidance helps reduce debates and keeps the focus on an actual deliverable that everyone agrees is done.

    Source: Unlock your product organization’s potential by defining “done”

  • #FashionID

    Today the European Court of Justice handed down a judgment in a case involving FashionID, the online shop of the fashion retailer Peek & Cloppenburg. The case concerns how the transfer of user data must be handled when third-party content is embedded. That the use of, for example, Facebook Like buttons

    Among others, the Tagesschau tries to explain the ruling. Because the judgment was handed down by the ECJ and will therefore have consequences beyond Germany, international news outlets such as Techcrunch and Yahoo (Reuters) are reporting on it as well.

    Simon Assion of #twobirds, a lawyer active on Twitter, summarizes some key points of the judgment in a thread there.

  • Big O Notation Cheat-Sheet

    https://twitter.com/PPathole/status/1155464941177987072

    Quick context: Big O notation describes an upper bound on the growth of a function as its argument tends towards a particular value. In other words, a smaller bound means better performance, typically measured in execution time.

  • Therapeutic Jira

    Anyone in software development can relate.

    Leave a comment what you would do!

  • Apple acquiring most of Intel’s smartphone modem business in $1B deal

    After Apple only recently announced a partnership with Qualcomm on 5G modems, Intel quickly decided to cease its efforts in that area. Given that market situation, Apple likely landed a bargain with this deal.

    Apple has entered into a deal to acquire a majority of Intel’s modem business, TechCrunch has learned. The deal, valued at around $1 billion, includes Intel IP, equipment, leases and employees, with Apple bringing over 2,200 new roles and bringing its portfolio up to 17,000 wireless technology patents. “We’ve worked with Intel for many years and know this team shares Apple’s passion for designing technologies that deliver the world’s best experiences for our users,” Apple SVP Johny Srouji said in a release tied to the news. “Apple is excited to have so many excellent engineers join our growing cellular technologies group, and know they’ll thrive in Apple’s creative and dynamic environment.”

    Source: Apple acquiring most of Intel’s smartphone modem business in $1B deal

  • Get started with Kubernetes (using Python)

    Jason Haley wrote a brief tutorial to get the Pythonista started with Kubernetes. Worth reading if you are new to the topic.

    Enable Kubernetes in Docker Desktop

    So, you know you want to run your application in Kubernetes but don’t know where to start. Or maybe you’re getting started but still don’t know what you don’t know. In this blog you’ll walk through how to containerize an application and get it running in Kubernetes. This walk-through assumes you are a developer or at least comfortable with the command line (preferably bash shell).

    Source: Get started with Kubernetes (using Python) – Kubernetes