Johan Sydseter

Hacks on the high seas, and how your home can be stolen under your nose Smashing Security · Episode

An Italian hacker makes the grade and ends up in choppy waters, and hear true stories of title deed transfer scams.

Plus - don't miss our featured interview with @apenwarr.ca of @tailscale.com!

Yup! We're back - and it's episode 401!

open.spotify.com/episode/5ZzK...

#cybersecurity #podcast

Community dinner

Thank you to everyone who came to the #appsec dinner tonight in Oslo!

This happens literally every time I share a story from Teen Vogue.

All this screaming into the void about politics and not a single Fortinet meme today.
Very few cat posts.
No arguing over CVE scores.
Not even the obligatory "I hate Teams" daily rant.
Depressing times.

I hope my post finds you today, so you have to look at this toasted marshmallow.

Went to my local #OWASP meetup tonight and participated in my first capture the flag. There’s no feeling like learning something new, as uncomfortable as it may be. Nice people in the room make it easier! @owasp.org

"...Opengrep ensures that its static code analysis engine and rules remain accessible to everyone....Together, we will democratize Static Application Security Testing (SAST) and code security to empower developers to build more secure software." www.opengrep.dev

I don't expect a lot of victories at the federal level fighting government surveillance in the coming years, so I am going to enjoy the hell out of every one we get.

Why We Chose CycloneDX Over SPDX #sbom #cybersecurity worklifenotes.com/2025/01/21/w...

YouTube video by SBOM Europe SBOM Live 04: Trusting the software supply chain with guest Jon Meadows, Citi

Our new episode of SBOM Live with Jonathan Meadows, Citi is now published on Apple Podcasts (Audio only) and YouTube. The topic is trusting the software supply chain - and Jon shares from his experience of working with that in Citi.

#SBOM

youtu.be/EgVjYpWVLTA?...

Adam Shostack
Who Are "We"? Power Centers in Threat Modeling
https://arxiv.org/abs/2501.10427

AI Will Write Complex Laws - Schneier on Security Artificial intelligence (AI) is writing law today. This has required no changes in legislative procedure or the rules of legislative bodies—all it takes is one legislator, or legislative assistant, to use generative AI in the process of drafting a bill. In fact, the use of AI by legislators is only likely to become more prevalent. There are currently projects in the US House, US Senate, and legislatures around the world to trial the use of AI in various ways: searching databases, drafting text, summarizing meetings, performing policy research and analysis, and more. A Brazilian municipality ...

AI Will Write Complex Laws

In just a few months, the cost of running advanced AI/LLM models has fallen by several dozen times (40? 60?). Already today, some people can run a model on their own computer that deduces (‘thinks’) better than these people. This is a revolution.

Azure Private DNS zone fallback to internet - what, why and how In this blog post we will explore recently released functionality for Azure Private DNS zones that allows fallback to internet on domain name resolution.

Started this year with migrating my blog to a new, more minimalistic Hugo theme and got the first blog post of the year out! Last year has been challenging with regards to writing, but I'm aiming for writing more on my blog this year😸

https://buff.ly/3WkdBFr

#MVPBuzz #Azure #Microsoft

The Cyber Safety Review Board's members have been dismissed by the new administration, same as many members of other boards. CSRB was completely nonpartisan and worked in tremendous depth, bringing serious recommendations for improving security. Most recently it was looking at the telco hacks. RIP.

On days like this I am glad that I spent the last several years very deliberately making exercise my primary coping mechanism.

I woke up feeling optimistic today. Not because the world is great. But because it’s nice to know where we stand. And where we stand is beautiful, no doubt about it. It’s all very much worth defending.

YouTube video by OWASP London Maturing Your Application Security Program - Tanya Janca

Many thanks to Tanya Janca (@shehackspurple.bsky.social) for presenting her talk "Maturing Your Application Security Program" at the #OWASPLondon Chapter Meetup last week!

The recording of the talk is now available on our YouTube channel 📺 [PLEASE SUBSCRIBE!]:
👇
youtu.be/hGIuVo_FDs8?...

my post: onion caramelization will continue until morale improves reply: That's a flippant solution to addressing systemic issues. Morale can't be improved by relying on a short-term fix that disregards the root causes of employee dissatisfaction.

lol reply bots

What an insane move, even for this cartel. Killing the CSRB sends a very clear message.

YouTube video by OWASP London Go Hack Yourself: API Hacking for Beginners - Dr Katie Paxton-Fear

Many thanks to @insider.phd for presenting her talk "Go Hack Yourself: API Hacking for Beginners" at the #OWASP London Chapter Meetup last week!

The recording of the talk is now available on #OWASPLondon YouTube 📺 channel [PLEASE SUBSCRIBE!]:
👇
youtu.be/IO4FjTflU6s?...

As best you can, ignore him.

I'm disgusted by supposed friends and allies still actively participating on the former Twitter. I get it, we all established a community there (fuck I had over 80K followers, it helped make my career what it is today). But what else does the owner have to do to get you stop supporting him?

Listening to an NFL podcast and when they mentioned Nick Siriani, my iPhone lit up thinking it was a hey Siri prompt. I hate computers.

YouTube video by OWASP London 2025 is the year of Agentic AI, but what IS Agentic AI? - Spyros Gasteratos

Many thanks to Spyros Gasteratos @spyrosec.bsky.social for presenting his talk "2025 is the year of Agentic AI, but what IS Agentic AI?" at the #OWASPLondon Chapter Meetup last week! The recording of the talk is now available to watch 📺 here:
👇
youtu.be/4erBKACZULs?...