Chris Wysopal
@WeldPond
Hacker. Co-founder/CTO Veracode. Former L0pht security researcher. GenAI Auto-repair of vulns is the future @weld.bsky.social @[email protected]
Boston, MA
Joined March 2008
Posts
  • Pinned
    28 years ago today, 7 members of the hacking group @L0phtHeavyInd told the U.S. Senate they could "shut down the internet in 30 minutes."
  • So the Secret Service stuck Zhang's thumbdrive into their computer. miamiherald.com/news/politics-…
  • What are all the people who used "Sign in with Facebook" doing now?
  • We've lost a true pioneer of the digital world, Kevin Mitnick. His ingenuity challenged systems, incited dialogues, and pushed boundaries in cybersecurity. He will remain a testament to the uncharted power of curiosity. #RIPKevinMitnick
  • Replying to @WeldPond
    .@sifutweety pointed out that the fact that this is getting so many retweets is a credit to infosec education -- everyone knows this is a stupid idea.
  • Does anyone want to share 15% of their password?
  • "There are nearly 600K unfilled cybersecurity jobs in the U.S. right now, and about 3.5M open roles globally, says Lisa Gevelber, Google's chief marketing officer for the Americas" This is because all the openings are entry level positions requiring 5 yrs experience.
  • Log4j 2.16.0 is out and completely disables JNDI by default. logging.apache.org/log4j/2.x/chan…
  • Current status: Sorry, I'll have to get back to you. I'm dealing with an open source issue.
  • "Password expiration requirements do more harm than good, because these requirements make users select predictable passwords" Thank you Microsoft. NIST agrees. Everyone who attacks password auth agrees. Can we get compliance to update their requirements?
  • My son asked me for some fidget toys.
  • If you have an .io domain you should read this. When the British government announced last week that it was transferring sovereignty of an island in the Indian Ocean to the country of Mauritius, Gareth immediately realized its online implications: the end of the .io domain
  • Due to U.S. telco networks being compromised, today CISA is recommending: 1. Use only end-to-end encrypted communications 2. Enable Fast Identity Online (FIDO) phishing-resistant authentication 3. Migrate away from Short Message Service (SMS)-based MFA 4. Use a password manager