If you don't know who this is, he wrote one of my favourite books on web (browser) security: "The Tangled Web" [1].
I just got one of those periodic "wow, those are the same person?" Internet moments; I've both used AFL a fair bit, and read Tangled Web, but never connected the two.
That's funny because there is another book [1] with exactly the same title and also about computer security, although it predates the one you mention by a decade.
Here is a post he wrote about leaving Poland and starting his journey to emigrate to the US. He ended up working as Director of Security @ Google even without a college degree.
https://lcamtuf.blogspot.com.ar/2015/03/on-journeys.html
Whatever his plans are, this will be something big.
He is a guy who could, if he wanted, build a secure kernel for mobile devices for example.
I always think this security thing is a waste of his talent though, he's such a creative guy and could do many other different things, instead he gets paid for finding holes everywhere, and he's extremely good at it, so...
If it would not be newsworthy then it wouldn't be upvoted enough to get on the first page on HN. It's newsworthy for me, that's why I upvoted it, and it seems 150+ more people think the same. If something is not newsworthy for you, that doesn't mean it's not newsworthy for others.
A lot of folks on Hacker News have an interest in security-relevant topics also. It's one of the reasons I am here, so I appreciate quickly reading this and moving on. It's a good indicator that HN is the right community for me. :)
[+] [-] dmix|8 years ago|reply
Another lesser known book by him is also worth a read: "Silence on the Wire" that takes a look at the full information security stack from the keyboard you type on, to the wires the data transits, to the internet protocols, etc [2] and looking at how each stage exposes/protects data.
And has quite an interesting history in infosec beyond that [3].
[1] https://www.amazon.com/Tangled-Web-Securing-Modern-Applicati...
[2] https://www.amazon.com/Silence-Wire-Passive-Reconnaissance-I...
[3] https://en.wikipedia.org/wiki/Micha%C5%82_Zalewski
[+] [-] pjf|8 years ago|reply
[+] [-] iooi|8 years ago|reply
[1] https://news.ycombinator.com/item?id=15110850
[+] [-] alethiophile|8 years ago|reply
Impressive fellow.
[+] [-] seanhandley|8 years ago|reply
[+] [-] harryf|8 years ago|reply
[+] [-] elorant|8 years ago|reply
[1] https://www.amazon.com/Tangled-Web-Securing-Modern-Applicati...
[+] [-] jfasi|8 years ago|reply
> there is a CISO position to fill at @facebook I hear
@lcamtuf:
> Waiting for NYTimes to tell me why I am leaving Google first.
This little exchange speaks volumes about what's happening in the media regarding the tech industry: one company behaves badly and then all get tarred and feathered. Facebook's security leadership starts jumping ship, and when someone analogous from Google, a completely different organization with a completely different (i.e. existent) moral compass and set of security practices leaves his post for unstated reasons at about the same time, the world assumes a similar scandal is on the way.
[+] [-] tptacek|8 years ago|reply
This is part of the problem of linking directly to individual tweets as front page news on HN.
[+] [-] antirez|8 years ago|reply
You mean, the company which basically turned "free services for all your data and info" into something at massive scale?
[+] [-] Angostura|8 years ago|reply
I see no-one assuming that.
[+] [-] forapurpose|8 years ago|reply
Perhaps that's perfectly fair, and perhaps everyone has a responsibility for the standards and behavior in their community. That would apply especially to Google, a leader in the community. To the degree the public views the standards (including laws and regulations) as insufficient because of what Facebook has done, perhaps they are correct. And it won't be changed without Google's direct involvement; the public might wonder, why hasn't Google seen to these issues already (if they have, it's largely been ineffective). If fraud is rife on Wall Street, is it wrong to hold Goldman Sachs accountable regardless of their direct involvement? Is it plausible that Goldman Sachs is not directly involved, given their size and influence? Doesn't Goldman Sachs have a responsibility to fix the problem, regardless, at least as a leader?
(Thanks to dpark for providing essential context about the parent comment: The author works at Google.
https://news.ycombinator.com/item?id=16640453 )
[+] [-] musage|8 years ago|reply
[deleted]
[+] [-] Analemma_|8 years ago|reply
[+] [-] i04n|8 years ago|reply
[+] [-] brohee|8 years ago|reply
And his guerilla-CNC guide is also an awesome resource.
Very curious about what he does next.
[+] [-] dvfjsdhgfv|8 years ago|reply
[+] [-] unknown|8 years ago|reply
[deleted]
[+] [-] heedlessly2|8 years ago|reply
[+] [-] lawnchair_larry|8 years ago|reply
[+] [-] lossolo|8 years ago|reply
[+] [-] CiPHPerCoder|8 years ago|reply
Is it newsworthy? Not in the scandalous sense, no.
[+] [-] kerng|8 years ago|reply
[+] [-] tptacek|8 years ago|reply