Posts

I was working at a certain security company (my first “multi”) and I was a few months into the job, when I received an email. I don’t remember what exactly it was about, but it smelled phishy and I thought I’ll investigate it. I fired up a vanilla VM, pasted the url there and opened the linked webpage, which resembled the Office 365 login pretty well. Obviously, it was fake. I wondered how far the author went, so I typed in some fake logon information and hit submit. Of course, it responded with some fake error message, but nothing else happened. ...

Let’s Do “Vibe Coding” How it began First of all, I hate the term so much, I have no words for it. But if I write “AI-augmented software development,” that would be accurate—yet confusing. So, giving in (like we did in the early 2000s, when hackers became the title of bad guys instead of the good ones), I tried some vibe coding. I’d like to start by stating that I’m not new to AI or AI tools. Back when ChatGPT went live, I was working at Zapier, and it was very clear from leadership (awesome foresight from Wade) that everyone needed to get familiar with it, as it would become a major focus for the company. I immediately looked into OpenAI’s APIs and what we could build with them. Since then, I’ve been creating various AI chatbots and agents, partly for work and partly as a hobby. ...

I work in a business where latency is critical. We’re constantly striving to improve latency, even though some expectations are almost unrealistic. I’ve been asked why we don’t offer PrivateLink. Simply put, it doesn’t improve the situation. While eliminating some internal network hops might be possible with trusted customers, the network connection remains unchanged. AWS doesn’t have a special backbone for PrivateLink, and if the standard AWSIP-to-AWSIP route isn’t optimized, it would reflect poorly on the network engineers, which isn’t the case. ...

Media Hype and the ESP32 “Backdoor”: The Real Cost of Overblown Security Reporting In early 2025, headlines like “Vulnerability Found in 1 Billion Devices” started making waves in tech media. They referred to the discovery of undocumented HCI commands in Espressif’s popular ESP32 chip. While the issue (CVE-2025-27840) raised valid concerns, much of the coverage blew it out of proportion, creating unnecessary panic and confusion. As a security professional, I believe this kind of exaggeration does more harm than good—not just for manufacturers like Espressif, but for how we as an industry handle security events. ...