@tech.tc.nz
TCβs IT and InfoSec thoughts
Apologies for the extended break by the way. Had a rough couple of years. In a much better place now but itβs taking a lot longer for me to get my stride back than I realised.
Doing the social is hard for me right now, Iβm just taking life gently for a while.
GET / HTTP/1.1
User-Agent: HI I CAN BE WHOEVER YOU WANT ME TO BE PLEASE LOVE ME
The βMozillaβ browser, on Windows NT or Win64 or x64 or something, running on AppleWebKit (like KHTML except actually Gecko) except thatβs a lie itβs actually Chrome which is like Safari (which is actually AppleWebKit again) but thatβs also a lie because itβs actually Edge
I love User-Agent strings
TIL that service accounts, machine accounts etc are sometimes referred to as βNon-Human Identitiesβ and Iβm like
Yeah
lol, younger users of the internet are not going to take those seriously. *Especially* mumble, cβmon
Spacebar looks to be a promising alternative from what I could see, and if Matrix sorts its jank arse user experience and dodgy cryptography out I agree it could be a solid option
This has occurred to me on more than one occasion. π€
15.04.2025 22:06 β π 1 π 0 π¬ 1 π 0
This might actually be the lamest vendor response Iβve ever seen: www.theregister.com/2025/04/10/o...
11.04.2025 02:34 β π 1 π 0 π¬ 0 π 0Legitimately incredibly useful. I donβt normally do this but Tailscale is genuinely an awesome product for helping control access to things while *also* making the complexities of networking easier for me to deal with. #5yearsofTailscale
03.04.2025 21:46 β π 0 π 0 π¬ 0 π 0Firefoxβs ambiguously worded legal document means it could be interpreted that they might steal my data? Guess I have to switch to *checks notes* Google
04.03.2025 21:32 β π 0 π 1 π¬ 1 π 0Is anyone able to explain to me what parts of Microsoft is a 365, what a Copilot is, and what Windows does?
Because Iβm finding examples where 365 is sometimes not a cloud thing, Copilot is sometimes not an AI thing, and Windows sometimes is not an OS, and Iβm thoroughly fucking confused
Iβm probably getting ahead of myself though, given that isnβt not even supported by *Firefox or Safari* yet π
16.02.2025 06:55 β π 0 π 0 π¬ 0 π 0I get that thereβs a lot of security/privacy reasons for the complexity of FedCM on the IdPβs end, but I am seriously worried itβs gonna harm adoption if IdPβs have to jump through so many hoops to support it.
I have a hunch this is going to supported by Google, Googleβs FedCM demo, and nobody else
this haptic display absolutely rocks. basketball is for everyone.
06.02.2025 21:56 β π 21496 π 6923 π¬ 251 π 1048Sorry Iβve been so quiet on this account lately! Thereβs so much I want to talk about and 99% of it is βoops thatβs related to a pentesting client for work, canβt talk about thatβ π
22.01.2025 23:46 β π 3 π 0 π¬ 2 π 0Definitely been taking a while to get the Wellington OWASP meets back up again, but ducks are now in a row and only thing left is to present something!
Currently making progress on my presso to get the ball rolling, should be ready for a (tentatively!) February meetup! Watch this space!
Interviewer: Can you explain this gap in your resume?
Pentester: Itβs called time-based blind SQL injection.
Yes, Iβm largely referencing vanilla PHP here, the βindividually sanitise every single time and if you forget thatβs your faultβ attitude still seems to prevail there. But theyβre not the only ones at fault of this.
18.12.2024 22:58 β π 0 π 0 π¬ 0 π 0Itβs exhausting having to push back against security arguments that boil down to βYouβre safe if you donβt make mistakesβ.
If the tools you work with require manual, iterative and individual protections against exploitation multiple times, theyβre shit tools.
Looking forward to seeing lots of you at #chcon tomorrow!
21.11.2024 10:06 β π 0 π 0 π¬ 0 π 0Something ingrained, that I realize now others do not have, is knowing the solution to failure is offering a better solution. I have tried shame I have endured compliance. I ground this axe years. You need the market to decide you've won. I sold modern policy baselines to fix user experience. I won.
14.11.2024 04:48 β π 271 π 27 π¬ 8 π 1
So glad that Apple moved away from that weird arse design pattern where windows could not be maximised and toolboxes were just floating there and just appeared/disappeared depending on which window had focus, was a pain in the arse π
23.10.2024 02:52 β π 0 π 0 π¬ 0 π 0
Photograph of entrance of Congress Center Hamburg, showing two banners hanging, one on the left is code.talks, and the one on the right is Eurofurence.
A developer conference running in parallel with a furry convention is pure comedy
18.09.2024 14:08 β π 101 π 21 π¬ 6 π 1HL7: The healthcare βstandardβ that people βfollowβ
12.09.2024 05:24 β π 2 π 1 π¬ 0 π 0Apple is definitely having a gap year. iOS 18 has been a total snoozefest too, ah well.
At least theyβve done a little catch up on some small areas where theyβve been lagging behind competition.
Security and foxes is a disaster recipe that will result in all of your chicken/eggs being stolen Ζ:
06.09.2024 12:22 β π 3 π 0 π¬ 0 π 0Two hobbies crossing over is where the interesting stuff happens! Especially security and anything else
06.09.2024 12:18 β π 3 π 0 π¬ 1 π 0Had a good time at OWASP New Zealand Day this year! Had a lot of awesome conversations with many interesting people, and definitely inspired to get another talk done soon!
Also working through the initial plans for an interesting contribution to the AppSec scene, watch this space!
Is this the tcpip.sys RCE thing potentially?
30.08.2024 03:18 β π 0 π 0 π¬ 0 π 0It's only a one-time pad if it comes from the Padua region of Italy. Otherwise, it's just sparkling preshared key.
29.08.2024 12:21 β π 4 π 3 π¬ 0 π 0
