Showing posts with the label Jobfairy

Applying for AppSec Engineer @ Riot

It's no surprise that attackers will use recruiters as targets for a compromise and, like many companies, we've seen the usual applications with XSS and macros. Today I received something slightly different which I figured was worth sharing. As you'd expect, the candidate details are fabricated so we can't progress :( P.S. We are actually hiring in Dublin, Istanbul, St Louis and LA for security engineers :)

Socialising Security @ Riot

Quick Link: Presentation here.

Background

In late November last year, I had the honour of following the illustrious David Rook (ex-SecurityNinja :) ) in the OWASP Dublin Chapter meeting (thanks Owen & OWASP Ireland). Quite a few people (mostly Chris John Riley) reached out and said: “The presentation looks cool and I'm jealous of the cool artwork but context, need MOAR context!” From an OpSec perspective, it's not always possible to include all the context when it comes to publicising security presentations, but @Riot, the goal of the InfoSec team is to socialise security within Riot, our players, the gaming community and the security community.

Tl;dr Each Rioter is responsible for their own security

Riot has posed very new challenges (for me) - Scale Volume of Incidents (i.e. a successful compromise, a leak, a DDoS attack) Open policy to security (this is the bit that will draw the crowd) We want to...

LinkedIn Emails

Receiving mails via LinkedIn is an interesting experience. For example, how many folk actually personalise "contact requests" - from what I see, less than 1%. I typically try to because I think it shows some thought has gone into the request and it's friendly, but then "manners" on the Internet is a very different thing to the real world, right ;-)

Anyway, to the point of the blog post. In early November (2012), whilst I was preparing my Security Onion presentation for IrissCon (why did I bother when my MBP died on-stage), I received a very interesting and personal email via LinkedIn. The email came from a "Senior International Belief Instigator" (let's call him the SIBI - to save me typing) at Riot Games and the email was literally awesome, it hit many of the key points that you'd hope for in a recruiter email but it also had a wonderful tone. In my ignorance, I knew of League of Legends but not Riot (yes, I am embarrassed by that). I r...