On Digital Resurrection
Digital preservation is incredibly important, and if you have the means or energy to support it, I can't recommend it enough. Tangentially, I stumbled onto some dead links, and through preserved materials I easily recreated a now-defunct unitasking site about IPv6 ULAs. That's a small but neat example of how sites can provide value even after the original developer loses interest or funds to run them - as long as we're funding preservation of them.
Howdy, I'm Chris Partridge, a Security Engineer. I do cybersecurity things with a focus on effective software security and internet-scale research.
Also, sometimes I write stuff.
Public Disclosure: SQLi in wsdot.wa.gov
It's now been over six months since I reported an incident to US-CERT, and it was still a trivially exploitable SQLi on the Washington State Department of Transportation website. I made a partial public disclosure while this was still exposing sensitive contractor PII from 1986-2021 including last 4 of SSNs, as well as nearly 73k users from 1999-2021. Around one week after, this issue has been resolved, and I have updated this article to contain complete information. Thank you to everyone that helped get this fixed!
Signs an Intel CPU May Be an Engineering Sample
Intel themselves don't publish any information on identifying Engineering Sample (ES) processors outside of checking the markings on the lid of the CPU. I had an ES CPU once upon a time, and here's what I saw when compared to another similar CPU - it's no definitive guide but it might be useful to some who are concerned about a secondhand CPU they've received.
Why is a 2,000-IP Botnet Torrenting Ubuntu?
About two days ago, hundreds of thousands of leeches were reported on Ubuntu's torrent tracker - downloading gigabits of data, but never reporting that they'd completed any chunks. My precious Linux ISOs (yes, really) were under attack. But whose botnet is this, why are they all downloading Ubuntu, and just how big is the botnet they're controlling? Let's dig in.
What Happened To My Career After Joining Big Tech
What happens when you work for a household name? What happens when that household name has a reputation for only hiring and developing top tech talent? What happens when many recruiters and recruiting firms make a habit of poaching only "the best?" Turns out, your career growth goes exponential - and while that might be good for me now, it wasn't good for me before, and isn't good for the tech field overall.