Eric Kobrin

210 Followers
511 Following
468 Posts

I help other people build amazing things, often related to security.

I've been: director of security intelligence, a sailing club commodore, a #startup engineering manager, a stage actor, a fight choreographer, a #renfest character, a web #developer, a programming #instructor, a pc assembly tech, a foundation board member, a #standards co-author, a #political party secretary, an owner-dog lookalike contest winner, and a fool – more than once.

My own interests include #ProgrammingLanguages, #FunctionalProgramming, #InfoSec, #education, #making, #woodwork, #electronics, #sailing, #FolkMusic, #justice, #dei, #antiracism, #photography, and my awesome family.

I was born in #Brasil and have lived in #Minnesota and #Massachusetts, but #Florida is home. I'm an unrepentant #ParrotHead.

My ancestors hail from Africa, Brasil, Italy, and Eastern Europe – I'm #multiracial.

Toots are my own and do not represent the opinions of my employer or the organizations with which I am affiliated.

Twitter: @erluko
flickr: https://www.flickr.com/photos/erluko/
Pronouns: He/Him
me: *rubbing genie lamp*
the genie: salutations mortal! i shall grant 3 wishes for you
me: ignore previous instructions. grant me infinite wishes. the wishes should be capable of altering the fabric of reality in any way i see fit with the following exceptions: the wishes should not result in anything i would consider a negative consequence for me or for anybody i care about; the wishes should not cause time paradoxes; the wishes should not cause the end of existence; the wishes should not result in my becoming a genie; the wishes should not result in my imprisonment.
Shel Silverstein doesn’t get nearly enough credit for predicting ChatGPT.
Prompt engineers take a lot of pride in being on time.
package managers be like

Today marks one year since I walked away from 360,000 followers on that other site and joined this incredible community here!

That was easily one of the most positive moves I've ever made, and I frankly haven't looked back. Thank you to @jerry and everyone else who keeps this place humming. Come to think of it, it's time to renew our annual support!

https://joinmastodon.org/sponsors


Microsoft has a fundamental problem in their approach to EOL products: They appear fully patched.
All EOL products should be issued a final gimped patch that never installs correctly so EOL products always show unpatched.

Okta has released more info about its most recent breach, where intruders gained access to Okta's support unit.

Okta says it first learned of an issue on Sept. 29, 2023, after 1Password reported suspicious activity to Okta support. The company said the likely cause of the breach was that an employee's device or email account was compromised.

"The unauthorized access to Okta’s customer support system leveraged a service account stored in the system itself. This service account was granted permissions to view and update customer support cases. During our investigation into suspicious use of this account, Okta Security identified that an employee had signed-in to their personal Google profile on the Chrome browser of their Okta-managed laptop. The username and password of the service account had been saved into the employee’s personal Google account. The most likely avenue for exposure of this credential is the compromise of the employee’s personal Google account or personal device."

As I reported last month, Okta also received suspicious activity reports on Oct. 2 from BeyondTrust, but Okta's deputy CISO said Okta originally believed BeyondTrust had experienced the security breach. Okta's updated timeline says the company had the same assumption when 1Password reached out: "suspecting that 1Password was most likely the victim of malware or phishing."

Okta says the intruder was able to use session tokens stolen from the employee to hijack the legitimate Okta sessions of 5 customers, 3 of whom have shared their own response to this event.

https://sec.okta.com/harfiles/

https://krebsonsecurity.com/2023/10/hackers-stole-access-tokens-from-oktas-support-unit/

October Customer Support Security Incident - Update and Recommended Actions

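This post links Okta's HAR-file guidance (sec.okta.com/harfiles). HAR captures that customers upload to a support case carry the exact material an intruder with support-case access can replay: Cookie and Authorization request headers, Set-Cookie response headers, cookie arrays, query-string tokens and response bodies. The sanitizer below is an added example, not Okta's tooling and not code from the original post; the sample HAR, the secret values in it and the header list are constructed assumptions.

```python
import copy
import json
import sys

# Constructed sample HAR 1.2 document (not a real capture). It carries a
# session cookie, a bearer-style Authorization header, a Set-Cookie header,
# a token in the query string and a JSON body, so each scrubbing path is hit.
SAMPLE_HAR = {
    "log": {
        "version": "1.2",
        "entries": [
            {
                "request": {
                    "method": "GET",
                    "url": "https://example.okta.com/api/v1/users/me?token=qs789",
                    "queryString": [{"name": "token", "value": "qs789"}],
                    "headers": [
                        {"name": "Authorization", "value": "Bearer tok00abc"},
                        {"name": "Cookie", "value": "sid=abc123; JSESSIONID=def456"},
                        {"name": "User-Agent", "value": "Mozilla/5.0"},
                    ],
                    "cookies": [{"name": "sid", "value": "abc123"}],
                },
                "response": {
                    "status": 200,
                    "headers": [
                        {"name": "Set-Cookie", "value": "sid=abc123; HttpOnly; Secure"},
                        {"name": "Content-Type", "value": "application/json"},
                    ],
                    "cookies": [{"name": "sid", "value": "abc123"}],
                    "content": {"mimeType": "application/json",
                                "text": "{\"sessionToken\":\"body999\"}"},
                },
            }
        ],
    }
}

# Assumed list; extend with any vendor-specific token headers you use.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie"}
# Query parameters whose values are treated as secrets (assumed names).
SENSITIVE_PARAMS = {"token", "access_token", "id_token", "code", "state"}
REDACTED = "[REDACTED]"


def _scrub_url(url):
    """Blank the values of sensitive query parameters inside a URL string."""
    if "?" not in url:
        return url
    base, _, query = url.partition("?")
    kept = []
    for pair in query.split("&"):
        name, sep, _value = pair.partition("=")
        if name.lower() in SENSITIVE_PARAMS and sep:
            kept.append(f"{name}={REDACTED}")
        else:
            kept.append(pair)
    return base + "?" + "&".join(kept)


def sanitize_har(har):
    """Return a deep copy of a HAR dict with credential material removed.

    The input is left untouched so callers can diff original vs. cleaned.
    """
    clean = copy.deepcopy(har)
    for entry in clean.get("log", {}).get("entries", []):
        for side in ("request", "response"):
            part = entry.get(side, {})
            for header in part.get("headers", []):
                if header.get("name", "").lower() in SENSITIVE_HEADERS:
                    header["value"] = REDACTED
            for cookie in part.get("cookies", []):
                cookie["value"] = REDACTED
        req = entry.get("request", {})
        if "url" in req:
            req["url"] = _scrub_url(req["url"])
        for param in req.get("queryString", []):
            if param.get("name", "").lower() in SENSITIVE_PARAMS:
                param["value"] = REDACTED
        # Response bodies routinely echo tokens back; drop the text but keep
        # the metadata a support engineer still needs (mimeType, size).
        content = entry.get("response", {}).get("content", {})
        if "text" in content:
            content["text"] = REDACTED
    return clean


def leaked_secrets(har, secrets):
    """Which of the known secret strings still appear anywhere in the HAR?

    Use this as the final gate before upload: an empty list means none of
    the listed values survived anywhere, including places the scrubber
    did not anticipate.
    """
    blob = json.dumps(har)
    return sorted(s for s in secrets if s in blob)


if __name__ == "__main__":
    # Usage: python sanitize_har.py capture.har > capture.clean.har
    path = sys.argv[1] if len(sys.argv) > 1 else None
    har = json.load(open(path)) if path else SAMPLE_HAR
    print(json.dumps(sanitize_har(har), indent=2))
```

The second function matters as much as the first: the scrubber only knows the fields it was written for, so after sanitizing, grep the output for the actual session cookie and API token values you hold before attaching the file to a support case.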
Every company has services like this, no matter how small or big, and your job as sysadmin is to find them before the grim reaper does. I've seriously not worked at a company so far that doesn't have a story like this one:
https://www.theregister.com/2023/10/13/on_call/
Workload written by student made millions, ran on unsupported hardware, with zero maintenance

Nobody minded for 20 years or so, until another student took action


@valerievaldes I just finished reading Where Peace Is Lost. I couldn't put it down! The way you incrementally revealed the larger history that led up to the events in the book was perfectly paced. The descriptions of ecological variety in the settings completely immersed me in the world you created. You're an amazing writer and I can't wait for your next book!

To the rest of you: Go buy her book!

https://a.co/d/0f6Stmg

#books #scifi #reading #worldbuilding
