The gitlab-markup supply chain vulnerability…

Posted on January 11, 2017 in Security • Tagged with security, GitLab, GitHub, ReStructuredText, business, software, source, code, supplychain • 9 min read

…or how I stubbed my toe on the keys to a few dozen kingdoms

NOTE: this content originally appeared on the Taos blog

I’m authoring this security writeup in ReStructuredText. An odd way to start this off, I know. But bear with me, I promise that ReStructuredText is relevant …

Slavish adherence to guidelines considered…inadvisable?

Posted on November 20, 2015 in Security • Tagged with security, logging, linux, audit, breach, IT, business, CIS, guidelines • 7 min read

Industry “best practices” are STILL no substitute for expert help. Yes, this is one of ‘those’ stories.

Recently I was going over some logs trying to track down a mysterious ‘disappearing’ directory. Situations like this are typically not mysterious in the least, since directories don’t disappear. Either they’re …

Dealing With Breaches

Posted on July 31, 2014 in Security • Tagged with security, breach, IT, business • 6 min read

Security is hard. Much too hard to treat effectively in any one blog post or even one book. It’s a complicated, multifarious discipline that combines a host of observational and technical sub-disciplines. The same is true, to a lesser degree, for breach management. On the one hand, a large …
