Jamie McCarthy

@[email protected]
123 Followers
241 Following
568 Posts
Software engineer, vegan, enjoy Ruby on Rails, D&D, and relational databases. Formerly at Vox Media, Slashdot, ThinkGeek.
GitHubhttps://github.com/jamiemccarthy
PronounsHe/him
Show threadJamie McCarthyMar 7

The bad guys have been crawling around Sendgrid's networks for over a year now, and they have news hounds writing their phishing text. Highly topical.

(Every link in here, even "unsubscribe," is a phish to, presumably, steal the credentials of the next customer)

Show threadJamie McCarthyDec 16

The Sendgrid phishing network is getting political, telling its would-be victims: we're putting a pride banner on all your outgoing emails, click our phishing link to remove it.

This is a nine-figure ARR company that's had the bad guys phishing their way through its clients for the last ten months. Has anyone even noticed?

(This is not the CEO's name btw)

Show threadJamie McCarthyNov 26
I'm still getting one of these a day, on average. Is Sendgrid even aware of this?
Show threadJamie McCarthyNov 5
It's still going. Sendgrid folks must be scrambling to try to catch up to the phishing ring. Yikes.
Show threadJamie McCarthyOct 31

Holy shit, I think this is the most sophisticated hacked-Sendgrid phishing attempt yet. Someone apparently pwned a random server owned by selfcast[.]net and is sending Sendgrid email, aimed at Sendgrid admins, with links pointing to it.

selfcast[.]net appears to be a site for actors, but at first glance could plausibly be an alternate domain for an email-sending site. Nope!

The first link in the email looks valid; only the big tempting button is the phish hook

Jamie McCarthyJun 18, 2025
Justin SearlsJun 18, 2025
Becky's Dyson Airwrap can connect to the Dyson app… just realized I can cURL her curler while she curls her hair.
Jamie McCarthyMay 25, 2025
Matt MassicotteMay 21, 2025
Programmers are usually fed a steady diet of features and bug fixes. But occasionally they get to work on performance problems. This development methodology is known as intermittent fasting.
Jamie McCarthyMay 6, 2025
Show threadSimon WillisonMay 6, 2025
@camertron ... and then about four weeks ago ChatGPT running o3 and o4-mini got genuinely good at using its detach tool! Five weeks ago I could have said that ChatGPT+search-tool still wasn't reliable enough to be worth using often https://simonwillison.net/2025/Apr/21/ai-assisted-search/
AI assisted search-based research actually works now

For the past two and a half years the feature I’ve most wanted from LLMs is the ability to take on search-based research tasks on my behalf. We saw the …

Simon Willison’s Weblog
Jamie McCarthyMay 6, 2025
Peter SolnicaMay 6, 2025

Lately, I've been using LLMs more for code investigation than for code generation. Here's Augment in VS Code spitting out a code flow diagram instantly instead of me jumping between files and building a mental model in my head to understand what's going on.

#ai #aicodeassist #vscode #augment

Show threadJamie McCarthyMay 6, 2025

After a few months' pause, the phishing Sendgrid email fake-alerts have started back up this week. They still look pretty realistic! I almost clicked!

The headers show the phishing email as coming from Sendgrid's servers, because it actually is (this customer of theirs was hacked):

Received: from wrqvtcrk.outbound-mail.sendgrid.net (wrqvtcrk.outbound-mail.sendgrid.net. [149.[redacted]])
by mx.google.com with ESMTPS id 3f1490d57ef6-e75c0f0177esi1110886276.78.2025.05.06.03.09.59