awly (@awly.dev)
Ukrainian in PNW, making computers go brrr. Security @Tailscale, Xoogler. Finding joy in urbanism, minimalism and coffee.
Reposted by awly
This Sunday at @BSidesSF, Tailscale’s @patrickod.com will share how he found a long-standing CSRF bug in the gorilla/csrf Go lib.

Don’t miss it 🔍
🎤 pretalx.com/bsidessf2025...
📅 bsidessf2025.sched.com/event/1x8UA
📺 bsidessf.org/streams

#BSidesSF #AppSec #golang #Tailscale #SecurityResearch
April 25, 2025 at 3:01 PM
Reposted by awly
We’ve recently learned that malicious actors are setting up fake domains to impersonate Tailscale—through scam websites, emails, and even bogus job listings.

If you want to know how to spot the signs, we’ve put together a short guide to help you stay safe:
Scam Awareness | Tailscale
It has come to our attention that malicious actors are setting up fake domains to impersonate Tailscale through websites, emails, and other online communication.
tailscale.com
April 9, 2025 at 8:19 PM
Reposted by awly
This April 1st, we're serious: Tailscale supports Plan 9 from Bell Labs!
Secure peer-to-peer networking on the OS that inspired it all ➡️ tailscale.com/blog/tailsca...
April 1, 2025 at 2:02 PM
Reposted by awly
Sufficient time has passed and I'm excited to share a demo and details of a 9 year old CSRF vulnerability that I discovered in the popular gorilla/csrf library. attack.csrf.patrickod.com
gorilla/csrf CSRF vulnerability demo
A demonstration of a novel CSRF vulnerability in the gorilla/csrf Go library.
attack.csrf.patrickod.com
March 31, 2025 at 3:52 PM
Reposted by awly
The latest episode of WIRED’s beloved Tech Support series answers all of your questions about dictators — in case for some reason that was of interest right now.

www.youtube.com/watch?v=vK6f...
History Professor Answers Dictator Questions | Tech Support | WIRED
YouTube video by WIRED
www.youtube.com
March 19, 2025 at 10:06 PM
Reposted by awly
January 3, 2025 at 11:36 PM
Reposted by awly
December 22, 2024 at 6:20 PM
Reposted by awly
What keeps security leaders up at night? I interviewed 57 CISOs and security leaders to find out. The answers were surprisingly consistent: access management challenges, vulnerability management complexity, and limited SaaS visibility. Read the post: mayakaczorowski.com/blogs/what-s...
What sucks in security? Research findings from 50+ security leaders
I interviewed 57 security leaders and asked them "What sucks in security?" Their top pain points were inconsistent access management, vulnerability prioritization and remediation, and obtaining SaaS l...
mayakaczorowski.com
December 10, 2024 at 4:06 PM
Reposted by awly
The Go team plans to issue a security fix for the golang.org/x/crypto/ssh package in the golang.org/x/crypto module on Wednesday, December 11th.

groups.google.com/g/golang-ann...
[security] golang.org/x/crypto/ssh fix pre-announcement
groups.google.com
December 11, 2024 at 12:27 AM