Researchers creating malicious Tor relays


by aloria

"We don’t harden our production servers, it breaks our app."

by anonymous submission

Working on configuration audit


Bypassed the WAF to run a SQLi, succeeded running a DROP DB … whoops!

by jopito

Enabling NoScript

by infra

When the user demands admin rights so they can install their favorite desktop apps.

by Mj Tom

That moment when I demo a weaponized exploit, and $client says “That doesn’t mean the bug’s exploitable.”

by anonymous submission 

"In this conference talk we will demonstrate a new class of exploit, never seen before"

by @joshdustin

When a vendor talks about all the real-life intrusion attempts their product has thwarted

by @joshdustin

Employees of $client when we enable two-factor authentication.

The correct response:

by anonymous submission

Say it with pixels.
By aloria.