Like many in the industry, we are mentally preparing for the trip out to Las Vegas for the US's crowning trio of big security conferences: BSidesLV, Black Hat USA, and DEF CON. Every year tens of thousands make the annual pilgrimage to the "Hacker Summer Camp" trifecta to see friends, learn from the smorgasbord of…| Thinkst Thoughts
You’re moments away from finishing a feature you’ve been working on for the last two weeks when you get a Slack notification that the frontend test pipeline has failed for the 824th time that year. It’s the same handful of flaky tests that fail whenever there’s a half-moon. You make a note to fix these tests and get back to finishing that feature. We were in this situation and asked ourselves whether we enjoyed building and maintaining our frontend test system. The answer was no, so...
[ This is a lightly edited internal post we've made public.] Last week we had booths at DevConf Joburg, and DevConf Cape Town. They’re two ZA events run by the same crew with the same speakers, two days and 1400kms apart. The organisers set a bar in ZA for putting on polished and well-run events. Where the…
At Thinkst, we build tools to make attackers’ lives harder and defenders’ lives easier. Our latest Canarytoken does exactly that—introducing the SAML IdP App Canarytoken (already available on canarytokens.org, but now available on customer Consoles too!) Where our Fake App Canarytokens for iOS and Android detect badness at the device level, SAML IdP App Canarytokens help at the identity level. Organisations rely on Single Sign-On (SSO) to manage authentication across their cloud applic...
TL;DR Our credit card Canarytokens are out of beta and flying to your consoles! We love these tokens because they provide a novel way to alert on a strong signal of badness. They also perfectly embody our concept of conspicuous deception. Conspicuous deception is our take that simply knowing that a credit card could be a Canarytoken adds risk to the process of stealing, selling, testing, and committing fraud on all cards. Now, fraudsters have to worry that testing or using a stolen card mig...
Cheap tchotchke, pushy salespeople and silly gimmicks. Vendor booths are often considered horrible wastes of time (and money). But we think they are great and keep recommending them to friends. It’s not because we throw money around either. We never raised capital, so even though we crossed $19m in ARR last year, we still watch our marketing spend judiciously. We don’t do airport ads and we don’t pay fancy analyst firms. (In fact, we still don’t do any outbound sales). But.. our booth...
Most security products are terrible. For years our industry has managed to get by because our products were mandated by someone or some regulation, and users were trained to accept that security and usability were necessary trade-offs. This was just the prevailing truth. One of the reasons we always promote hacker-led companies is because hackers delight in challenging accepted truths. We think this applies as much to product design as it does to smashing the stack. In a few months, Thinkst w...
In 2019, we created (and wrote about) our Skyball pyramid – a cute way to stack the super-bouncy balls we give away at conferences. This year we took it up a notch (thanks to Andrew bringing out SCR2!) Like the previous version, we can now make arbitrarily sized pyramids (which also allows us to shrink the base as we start to run out of balls). More importantly though.. Moar Birds! It’s tiny, but it’s one of those things we love. Most people who visit the booth won’t notice the pyra...
This is a short post describing how to debug Flask apps with the ever-useful rpdb, along with a few gotchas to be careful of. Our workhorse web backend is Flask+uWSGI, running on standalone EC2 instances. At the same time we rely on Twisted for several backend services. On occasion a Thinkster might need to debug one of these services on one of the EC2 instances. Due to our instance isolation strategy, it’s tricky to get fancy remote debugging running, such as VS Code’s Remote Debugging. ...
Introduction A counterintuitive truth is that great products are defined by both the features they include, as well as those they don’t. We spend a lot of time pondering potential new features for Thinkst Canary to make sure the added value exceeds the inevitable cognitive complexity that new features (or new UX elements) bring. This…