Random thoughts ranging from human behavior (neuroscience & psychology) to information security to coffee, gardening, and life reflections.
Neuroscience & Security: The Default Mode Network and Threat Hunting
The brain is composed of several neural networks. These networks, just like internet networks, traverse different regions of the brain. One network in particular that is important is the Default Mode Network (DMN). What's interesting about this network is that it is always active and processing when your brain is not actively “doing” anything.
So when you're taking a walk, observing nature, or just people watching, this network is always running. The DMN, and many other neural networks, work on making predictions based on information you have experienced in the past. That's what author, _____ presents in her book, _____. She asserts that much of how we process our experiences is simply a set of instantaneous predictions. Sounds similar to machine learning, huh?
In security, when you run across a threat, you automatically make some predictions about this threat. But what will help differentiate you from someone else are all the assumptions you make about that threat without all the information available.
Take, for example, an incident that says a piece of code in your CI/CD pipeline has been altered.
The way you want to manage your tasks is up to you: it can be a Google Keep note, a spreadsheet, a daily journal like Panda (recommend!), or a personal Trello board.
But when you start working with others, things can get hairy and you have to “grow up” and get some real software. Here is a list of PM software I found:
So there are plenty of alternatives to Auth0, it really depends on what you’re looking for. Here are some ideas and a brief comment on each:
Okta
On par for the most part with Auth0
Very expensive
AWS Cognito
Many features
Much bigger learning curve
Might be cheaper
WorkOS
Does not price per user, only per connection
New company / contender
OSSO
Ruby based only
Business Source License (Not OSS)
YMMV
Of course you can always build a solution in-house using available libraries. Same with the admin panel. However, I’ve seen a lot of mistakes made using this method. Using a reputable 3rd party to manage your users/admin panel will ensure you are always delivering the best security and experience to them.
Also in S1E3 of “The Flight Attendant”, there is a sub-plot about one of the attendants copying proprietary and confidential files from her husband's work computer. She is working on behalf of a corporate competitor, selling secrets. (27:00)
Her excuse for using the computer was to search on eBay for a Jenga piece.
In S1E3 of the HBO show “The Flight Attendant”, a character is introduced as the boyfriend of the lawyer, who knows his way around a computer. He says:
“I'm good with technology,
and rich people are kind of...
not.
Generally extortion.”
Hilarious. Later in the show, the lawyer asks him some “hypotheticals” on digging for information that she's struggling to uncover. (22:51) She asks him how long it would take to get something; he says 20 minutes.
This is all just knowing how to search online for things, often referred to as OSINT.
The interesting thing here is that a) this is all legal and b) lawyers should probably know how to do this.
If you grew up in the '80s and '90s, then Animaniacs was probably part of your life.
Spoiler Alert!
Well, in Episode 5 (S1), in the Pinky and the Brain segment, they need to recover a phone call due to amnesia. So Brain came up with the idea of going to the NSA, since they had a recording of all phone calls!
The episode was hilarious, having been in the field for a while. They even featured Edward Snowden. It was a really enjoyable clip, highly recommend.
In her book, How Emotions Are Made, the author explains how the world we perceive is in fact a construction based on our perception and simulation/predictions of past experiences.
It's quite interesting in fact. Similar to the movies Inception, The Matrix, and recently a movie called Bliss.