ramimac | 2 months ago | on: Shai-Hulud compromised a dev machine and raided GitHub org access: a post-mortem
ramimac's comments
ramimac | 3 months ago | on: Replicate is joining Cloudflare
Probably, but you can check out a more robust list here: https://blog.cloudflare.com/tag/acquisitions/
* BastionZero
* Kivera
* Baselime
* PartyKit
* Area 1
* Vectrix
* Zaraz
* Linc
* S2 Systems Corporation
* Neumob
* Eager
* CryptoSeal
* StopTheHacker
ramimac | 4 months ago | on: AWS Secret-West Region is now available
Always a funny title, see previously: Announcing the New AWS Secret Region (2017) [1]
ramimac | 5 months ago | on: Active NPM supply chain attack: Tinycolor and 40 Packages Compromised
It's not a coincidence - this attack is directly downstream of s1ngularity
ramimac | 6 months ago | on: Nx compromised: malware uses Claude code CLI to explore the filesystem
Hi! Author here who added the VSCode stat :)
I thought it was useful to include because:
* it can inform triage, if you use the extension you're more likely to be impacted * because it was VSCode, Workplace Trust actually partially mitigated this in at least 38 cases
ramimac | 6 months ago | on: Malicious versions of Nx and some supporting plugins were published
I have evidence of at least 250 successes for the prompt. Claude definitely appears to have a higher rejection rate. Q also rejects fairly consistently (based on Claude, so that makes sense).
Context: I've been responding to this all day, and wrote https://www.wiz.io/blog/s1ngularity-supply-chain-attack
ramimac | 8 months ago | on: Excalidraw+ Is Now SoC 2 Certified
Thanks! Unfortunately, I've somehow fallen off the paved road :)
https://github.com/ramimac/wiki/blob/main/CNAME
ramimac | 8 months ago | on: Excalidraw+ Is Now SoC 2 Certified
Fixed! Pages drops the custom domain whenever I push right now, have been putting off debugging it - apologies
ramimac | 8 months ago | on: Excalidraw+ Is Now SoC 2 Certified
In case it's helpful, I also collate quality blog posts in this genre over at https://rami.wiki/soc2/
ramimac | 1 year ago | on: Internet Archive: Security breach alert
It's not available in this case, or every case. When available, you can search "The data was provided by" in https://haveibeenpwned.com/PwnedWebsites
ramimac | 1 year ago | on: Vulnerabilities in the Feeld dating app
https://github.com/juliocesarfort/public-pentesting-reports is a substantial collection of public reports
Off the top of my head, DoyenSec has some good reports in there targeting web apps
ramimac | 1 year ago | on: Google Pixel Phones Have Unpatched Flaw in Hidden Android App
Press Release version in case anyone gets paywalled: https://www.prnewswire.com/news-releases/iverfiy-discovers-s...
ramimac | 1 year ago | on: A hard look at AWS GuardDuty shortcomings
Not sure how the link got munged, but the root is https://docs.aws.amazon.com/securityhub/latest/userguide/gua...
It's definitely a bit of a simplification - although I'm not aware of large orgs using anything else to meet the relevant PCI requirement
The whitepaper AWS commissioned helping explain GuardDuty to auditors[1] is definitely a large component there
[1] https://d1.awsstatic.com/certifications/foregenix_amazon_gua...
ramimac | 1 year ago | on: A hard look at AWS GuardDuty shortcomings
> GuardDuty does what AWS says it will do
What do you view as AWS' commitments around GuardDuty? I see pretty clear positioning by AWS of GuardDuty as a one-and-done solution for threat detection.
Top level marketing claims include:
* "Protect against ransomware and other types of malware" - which is why I looked at how viable GuardDuty would be against the most common form of S3 "ransomware"
* "Detect suspicious activity in your generative AI workloads" - but they don't actually have coverage of the vast majority of GenAI Services
* "Continuous monitoring across AWS accounts and workloads without added cost" - except the service is expensive (if worthwhile for the foundational data sources!) and has unpredictable costs
> competing product/service
I see canary infrastructure as complimentary to Guardduty (w/ foundational data sources) - which is explicitly stated in the piece!
nb: I'm the author, in case it's non-obvious!
ramimac | 1 year ago | on: A hard look at AWS GuardDuty shortcomings
Agreed - I find the credential exfil alerts meaningful. I appreciate that AWS has invested in making them better in recent years (bypass details in https://hackingthe.cloud/aws/avoiding-detection/steal-keys-u...)!
I also find the DNS based cryptomining detections pretty handy, and high enough signal.
Great point on VPC Flow Logs! With the move to SKU off various GuardDuty features (S3 protection, Runtime, etc.) ... it'd be nice if GuardDuty monitoring of VPC Flow logs were more configurable
ramimac | 2 years ago | on: Book list for streetfighting computer scientists (2022)
https://againsthimself.medium.com/security-engineering-proce...
A recently published commentary on Security Engineering would be a good supplement, naming the flaws seems a meaningful mitigation for them
ramimac | 2 years ago | on: Ask HN: Cloud security auditing for indie-grade projects?
Which cloud provider?
https://github.com/prowler-cloud/prowler is easy to get going with, and gives decent results. It's much stronger at AWS than GCP or Azure.
Steampipe can be a little harder to wrap your head around, but scales really well and has broader support: https://hub.steampipe.io/mods?objectives=security
ramimac | 2 years ago | on: Ask HN: What are good resources for managing the security of a startup?
ramimac | 3 years ago | on: Ask HN: I'm now responsible of the security of a scaleup, how do I handle this?
There is a lot of advice in this thread that doesn't actually address your circumstances, or is just bad.
I recommend reading: 1. https://devd.me/log/posts/startup-security/ - relatively short and prescriptive 2. http://scrty.io/ - start with http://scrty.io/foundations + https://medium.com/starting-up-security/you-dont-need-a-chie... + https://medium.com/starting-up-security/starting-up-security...
ramimac | 3 years ago | on: Launch HN: Slauth.io (YC S22) – IAM Policy Auto-Generation
How would you compare your offering to https://github.com/iann0036/iamlive (an opensource implementation of IAM generation from client-side monitoring or proxy, released in Feb 2021)?
page 1
(personal site linked in bio, who links you onward to my linkedin)
[1] https://x.com/ramimacisabird/status/1994598075520749640?s=20