Archive | Security

Behind Mo-Lebrity @ Bulletproof

It started as a simple question: can we do something fun and interesting to help the charity Movember? This quickly turned into a brainstorming session that resulted in a number of ideas, from which we eventually settled on Mo-lebrity: a site where someone can take a photo of themselves and see which moustache-wearing celebrity they look the most like.

Together with some of my colleagues, we built a small side project to support the Movember charity. On the Bulletproof blog I’ve written a high-level overview of what this entailed. It was an interesting experience, where I got to play with a number of things for the first time and rekindled my ‘love’ for JavaScript.

Hardening Your AWS Environment @ Bulletproof

In this overview of the Hardening Your AWS Environment talk we gave at the AWS User Group in Melbourne, we’re focusing on the monitoring and infrastructure access aspects discussed there.

In case you found the writeup of my last presentation a bit long, I posted a shorter version on the Bulletproof blog. It doesn’t have everything from the original writeup, but still contains some useful advice.

Think of the Children

Apple was commanded by a court to provide a way for breaking into an iPhone. This doesn't make me happy, so this post serves as a way to clear my mind and calm down about it.

Personal access to your servers

This article describes setting up a single security group with CloudFormation that you can use to ensure you can easily gain access to your servers wherever you are. As a bonus, it describes how you can update the parameters of your stack from the command line without needing access to its template.

Researchers reverse-engineer the Dropbox client: What it means

[T]he techniques described in this section are generic enough and also work for reversing other frozen Python applications.

It seems that lately every week some new security measure is broken. While part of the actual research shows that security through obscurity in the end never seems to work, I am not happy to see that they managed to bypass the two-factor authentication. In defence of Dropbox though, their security keeps improving with every version.