Jerry Dixon

215 Followers
39 Following
20 Posts
CISO @ CrowdStrike -former DHS NCSD/US-CERT Alum & Desert Storm Vet (AATW)
Is anyone following this breach involving the tj-actions/changed-files GitHub Action? Seems pretty major, but I'm still trying to figure out exactly what's going on, who's affected, and what people (and how many) are affected. If you can help me get up to speed please DM me on Signal -- DanArs.82, or on Mastodon.
https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised
Harden-Runner detection: tj-actions/changed-files action is compromised - StepSecurity

tj-actions/changed-files
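A first step toward answering "who's affected" is knowing where the action is referenced in your own workflows and whether each reference is an immutable full-SHA pin or a mutable tag/branch that the repository owner (or whoever controls it) can retarget. The following is an added example, not code from the post, StepSecurity or the tj-actions project; it assumes the usual `.github/workflows/*.yml` layout, and the sample workflow and its 40-hex "commit" are constructed placeholders. It reports where and how the action is referenced; whether a given SHA is clean has to be checked against the advisory linked above.

```python
"""
Added example: find references to a GitHub Action in workflow files and report
whether each is pinned to a full commit SHA or to a mutable tag/branch.
Not tooling from GitHub, StepSecurity or tj-actions; sample input is constructed.
"""
import re

# Matches `uses: owner/repo[/path]@ref` in workflow YAML, quoted or unquoted.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?(?P<ref>[^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(text, action="tj-actions/changed-files", path="workflow.yml"):
    """Return one finding per `uses:` line that references `action`."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m["ref"]
        if ref.startswith(("./", "docker://")):
            continue                      # local or container actions: out of scope
        repo_path, _, version = ref.partition("@")
        owner_repo = "/".join(repo_path.split("/")[:2])   # drop any sub-path
        if owner_repo.lower() != action.lower():
            continue
        findings.append({
            "path": path,
            "line": lineno,
            "uses": ref,
            "version": version,
            "pinned_to_sha": bool(FULL_SHA_RE.match(version)),
        })
    return findings


# Constructed sample workflow; the 40-hex value is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Changed files (tag pin)
        uses: tj-actions/changed-files@v45
      - name: Changed files (SHA pin)
        uses: "tj-actions/changed-files@0123456789abcdef0123456789abcdef01234567"
      - uses: ./.github/actions/local-thing
"""


def audit_tree(root, action="tj-actions/changed-files"):
    """Walk `root` for .github/workflows/*.yml|*.yaml files and audit each one."""
    import pathlib
    out = []
    for p in pathlib.Path(root).glob("**/.github/workflows/*.y*ml"):
        out.extend(audit_workflow(p.read_text(), action=action, path=str(p)))
    return out


if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        status = "pinned to full SHA" if f["pinned_to_sha"] else "MUTABLE ref"
        print(f"{f['path']}:{f['line']}: {f['uses']}  [{status}]")
```

Run `audit_tree(".")` from a checkout to cover every workflow in a repo; a mutable-ref finding means the code that actually ran is whatever the tag pointed to at run time, which is exactly what the workflow run logs, not the file, have to tell you.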

@JosephMenn still crazy to me that vendors require you to buy the “security log SKU” to be able to monitor for attacks or build alerting to enable rapid response. Microsoft and Salesforce are two big firms that hold lots of sensitive data but require you to spend big bucks for telemetry for their apps/infra!
@briankrebs Damon is a sharp dude and thanks for sharing!

There's an important vulnerability being disclosed today that allows attackers to massively increase the size of DDoS attacks.

The flaw is being tracked as CVE-2023-44487, a.k.a. "HTTP/2 Rapid Reset Attack." According to Damian Menscher at Google, the attack "works by sending a request and then immediately cancelling it (a feature of HTTP/2). This lets attackers skip waiting for responses, resulting in a more efficient attack."

More info:

https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack

https://aws.amazon.com/blogs/security/how-aws-protects-customers-from-ddos-events/

https://aws.amazon.com/security/security-bulletins/AWS-2023-011/

https://www.cloudflare.com/press-releases/2023/cloudflare-helps-discover-new-online-threat-that-led-to-largest-attack-in/

How it works: The novel HTTP/2 ‘Rapid Reset’ DDoS attack | Google Cloud Blog

Learn how the new DDoS attack technique Rapid Reset works, and how to mitigate it

Google Cloud Blog
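The mechanism quoted above (open a stream with HEADERS, cancel it at once with RST_STREAM, never wait for the response, so the server burns work on every request while the client never hits the concurrent-stream limit) has a correspondingly simple signature in a frame log: many cancels arriving within a millisecond or two of the stream being opened. The following detector is an added example, not code from Google, AWS or Cloudflare; the per-frame log format, the 50 ms "quick cancel" gap, the 20-per-second threshold and the sample traffic are all constructed for the example.

```python
"""
Added example: flag HTTP/2 'Rapid Reset' (CVE-2023-44487) behaviour in a
per-frame log of client->server frames. Log format, thresholds and sample
traffic are constructed; not code from any of the vendors linked above.
"""
import re
from collections import defaultdict, deque

# Assumed (constructed) log line shape, one line per frame received from a client.
FRAME_RE = re.compile(
    r"ts=(?P<ts>[\d.]+) conn=(?P<conn>\S+) stream=(?P<stream>\d+) frame=(?P<frame>\w+)"
)


def parse_frame(line):
    """Return (ts, conn, stream_id, frame_type) or None for an unparseable line."""
    m = FRAME_RE.match(line.strip())
    if not m:
        return None
    return float(m["ts"]), m["conn"], int(m["stream"]), m["frame"]


class RapidResetDetector:
    """Counts, per connection, streams cancelled almost immediately after being
    opened. A browser cancels the odd request; Rapid Reset cancels every request
    within a millisecond or two, so the server routes/logs/proxies each one while
    the client never waits and never reaches SETTINGS_MAX_CONCURRENT_STREAMS."""

    def __init__(self, quick_cancel_s=0.05, window_s=1.0, threshold=20):
        self.quick_cancel_s = quick_cancel_s  # HEADERS->RST_STREAM gap counted as quick (assumed)
        self.window_s = window_s              # sliding window for the rate check
        self.threshold = threshold            # quick cancels per window before flagging (assumed)
        self._opened = {}                     # (conn, stream) -> ts of the HEADERS frame
        self._quick = defaultdict(deque)      # conn -> timestamps of quick cancels in window
        self._last_prune = 0.0
        self.quick_total = defaultdict(int)   # conn -> quick cancels seen overall
        self.flagged = {}                     # conn -> ts at which it crossed the threshold

    def feed(self, ts, conn, stream, frame):
        """Process one frame; return the connection name if it was just flagged."""
        # A stream opened more than a window ago can no longer count as a quick cancel.
        if ts - self._last_prune > self.window_s:
            cutoff = ts - self.window_s
            self._opened = {k: v for k, v in self._opened.items() if v >= cutoff}
            self._last_prune = ts
        key = (conn, stream)
        if frame == "HEADERS":
            self._opened.setdefault(key, ts)  # first HEADERS frame opens the stream
            return None
        if frame != "RST_STREAM":
            return None
        opened = self._opened.pop(key, None)
        if opened is None or ts - opened > self.quick_cancel_s:
            return None                       # unknown stream, or an ordinary cancel
        self.quick_total[conn] += 1
        window = self._quick[conn]
        window.append(ts)
        while window and ts - window[0] > self.window_s:
            window.popleft()
        if len(window) >= self.threshold and conn not in self.flagged:
            self.flagged[conn] = ts
            return conn
        return None


def scan(lines, **kwargs):
    """Run the detector over an iterable of log lines and return it for inspection."""
    det = RapidResetDetector(**kwargs)
    for line in lines:
        parsed = parse_frame(line)
        if parsed:
            det.feed(*parsed)
    return det


def constructed_log():
    """Constructed sample traffic: one normal browser session, one Rapid Reset flood."""
    lines = []
    # c-user: six requests, two of them cancelled ~150 ms later (user navigated away).
    for i, sid in enumerate(range(1, 12, 2)):
        lines.append(f"ts={1000.0 + i * 0.010:.3f} conn=c-user stream={sid} frame=HEADERS")
    lines.append("ts=1000.150 conn=c-user stream=1 frame=RST_STREAM")
    lines.append("ts=1000.160 conn=c-user stream=3 frame=RST_STREAM")
    # c-attacker: 100 streams, each reset 1 ms after it is opened, a new one every 2 ms.
    for i in range(100):
        sid, t = 2 * i + 1, 1000.0 + i * 0.002
        lines.append(f"ts={t:.3f} conn=c-attacker stream={sid} frame=HEADERS")
        lines.append(f"ts={t + 0.001:.3f} conn=c-attacker stream={sid} frame=RST_STREAM")
    # A real frame log is time-ordered; merge the two sessions the same way.
    lines.sort(key=lambda l: float(l.split()[0][len("ts="):]))
    return lines


if __name__ == "__main__":
    det = scan(constructed_log())
    for conn, ts in det.flagged.items():
        print(f"{conn}: {det.quick_total[conn]} quick cancels, flagged at ts={ts:.3f}")
```

Keying on the HEADERS-to-RST_STREAM gap rather than on raw RST_STREAM counts is what keeps a busy but legitimate client (a browser cancelling requests on navigation) below the threshold; the thresholds themselves are a starting point to tune against your own traffic, and the response on a hit is at the connection level (GOAWAY or close), since the cancelled streams never accumulate against the stream limit.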
@RyanWelsh in the mid-Atlantic :)
@binsk exactly - my thoughts
Fun doc visit today: power goes out, comes back quickly, then all the Windows machines started updates. Took 15 minutes before they were able to view X-rays or access electronic health records. Doc apologizing, and then we talked about PC hygiene :) Meanwhile the waiting room was getting full due to delays from the updates, plus entertaining with nurses running to each room to see if there was a machine back up and running … 15-minute ripple effect FTW
@mdfranz already regretting looking… :)
@mdfranz now I have to go look …

1Password to begin collecting anonymous telemetry (no user/site/vault info) to help measure application performance.

I can appreciate their over-the-top transparency and commitment to not collect actual user data, but making this opt-out versus opt-in is a head scratcher.

Give your users the option to actively opt-in, not an opt-out they will probably never see. @1password

https://blog.1password.com/privacy-preserving-app-telemetry/ #1password

We're changing how we discover and prioritize improvements | 1Password

Learn about a new, privacy-preserving in-app telemetry system that 1Password is trialing with its employees.

1Password Blog