Together with my colleagues at Bulletproof we wondered if we could do something fun and interesting to help the charity Movember. This quickly turned into a brainstorming session that resulted in a number of ideas, where we eventually settled on Mo-lebrity: a site where someone can take a photo of themselves and see which moustache-wearing celebrity they look the most like.
This is a shorter version of my Hardening Your AWS Environment presentation, originally posted on the Bulletproof blog.
This talk focuses on hardening your AWS environment using only the tools AWS provides.
Apple was commanded by a court to provide a way for breaking into an iPhone. This doesn't make me happy, so this post serves as a way to clear my mind and calm down about it.
This article describes setting up a single security group with cloudformation that you can use to ensure you can easily gain access to your servers wherever you are. And as a bonus it describes how you can update the parameters of your stack from the command line without needing access to its template.
In order to improve security for my EC2-instance, but still keep it useful, I came up with a script that automatically opens up SSH access for my current IP address.
[T]he techniques described in this section are generic enough and also work for reversing other frozen Python applications.
It seems that lately every week there is some new security measure is broken. While part of the actual research shows that security through obscurity in the end never seems to work, I am not happy to see that they managed to bypass the two-factor authentication. In defence of Dropbox though, their security keeps improving with every version.