Articles
Long-form writing on tech, culture, and the edges of the internet.
Lagos published guidelines, not controls
Lagos cybersecurity guidelines describe intent, not enforcement. An operator analysis of why policy without system-level controls does not stop attackers.
Pick offense or defense
Two paths into infosec - offense and defense - broken down at the mechanism level. Foundation, tooling, telemetry, and the divergence point.
The helpdesk chat window is the breach
Microsoft Teams helpdesk impersonation succeeds because identity verification is placed at the channel boundary, not at the credential action.
The power adapter was the attack
A WiFi camera concealed in a hotel power adapter transmitted to a foreign server. The boundary failed at the physical layer.
Your security scanner is the breach.
Cisco source code stolen, AWS keys breached, 300 repositories cloned. The exfiltration channel was Trivy operating inside Cisco's CI pipeline.
1,300 SharePoint servers speaking for someone else
Over 1,300 SharePoint servers expose a spoofing primitive where authentication and identity validation collapse into a single unenforced control.
135 Million Records Behind One Perimeter
McGraw Hill's 135 million account exposure proves edtech identity was classified low-risk while attackers priced it as inventory.
Claude Desktop installs silent macOS persistence
macOS grants signed apps install-time trust, then stops validating. Persistence lives in that gap. The trust model is the exposure.
Forage simulation maps your broken controls
The Mastercard Forage cybersecurity simulation surfaces the same enforcement drift red teamers exploit in mature security programs. Operator breakdown.
Microsoft ships emergency ASP.NET patch
Microsoft's emergency ASP.NET patch exposes framework-level trust inheritance. Verify by version check, not deployment logs, to close the window.
Model Output Crossed the Trust Boundary Unchallenged
Model output crossing an integration boundary without verification becomes operational truth. The failure is on the consumer side, not the producer.
OAuth ate your secrets
The Vercel OAuth breach shows environment variables are not protected by location, only by the identity assertion placed in front of them.