The average phishing site doesn’t live very long– think hours rather than days or weeks. Attackers use a variety of techniques to try to keep ahead of the Defenders who work tirelessly to break their attack chains and protect the public. Defenders have several opportunities to interfere with attackers: Each of these represents a weakContinue reading “Attack Techniques: Open Redirectors, CAPTCHAs, Site Proxies, and IPFS, oh my”
Author Archives: ericlaw
Slow Seaside Half
After my first real-world half marathon in January, I ended up signing up for the 2024 race, but I also quickly decided that I didn’t want to wait a full year to give it another shot. A day or so later, I signed up for the Galveston Island Half Marathon at the end of February,Continue reading “Slow Seaside Half”
Q: “Remember this Device, Doesn’t?!?”
Q: Many websites offer a checkbox to “Remember this device” or “Remember me” but it often doesn’t seem to work. For example, this option on AT&T’s website shown when prompting for a 2FA code: …doesn’t seem to work. What’s up with that? A: Unfortunately, there’s no easy answer here. There is no browser standard forContinue reading “Q: “Remember this Device, Doesn’t?!?””
Attack Techniques: Blended Attacks via Telephone
Last month, we looked at a technique where a phisher serves his attack from the user’s own computer so that anti-phishing code like SmartScreen and SafeBrowsing do not have a meaningful URL to block. Another approach for conducting an attack like this is to send a lure which demands that the victim complete the attackContinue reading “Attack Techniques: Blended Attacks via Telephone”
A New Era: PM -> SWE
tl;dr: As of last week, I am now a Software Engineer at Microsoft. My path to becoming a Program Manager at Microsoft was both unforeseen (by me) and entirely conventional. Until my early teens, my plan was to be this guy: I went to Space Camp and Space Academy, and spent years devouring endless booksContinue reading “A New Era: PM -> SWE”
text/plain 