Colm MacCárthaigh
VP / Distinguished Engineer at Amazon Web Services. Also: Open Source and Apache, Cryptography, Irish Music, mediocre Photography.
Jun 1, 2022 16 tweets 3 min read
A quick rage-thread about credentials. When security auditors just say things like "Critical credentials need to be rotated every 90 days" you need to fire them into the sun with urgency. Here's what you actually need ... First rule of credential management: Rotation does nothing. It's revocation that matters. You always need a well-tested mechanism to make sure that you can remove or invalidate a credential that has been compromised.
May 31, 2022 10 tweets 3 min read
I love this work from Google, and as someone who worked a lot on AWS VPC Encryption, it's really interesting to see how the differences in environment result in quite different designs. Just a few thoughts ... A big difference is that PSP aims to be full end to end solution, replacing TLS and network-level encryption, while VPC encryption is intended to provide additional defense in depth for AWS customer traffic, which mostly already uses TLS, SSH, etc.
Apr 1, 2022 9 tweets 2 min read
Today is a very special day because I finally get to share something amazing that @seakoz and I have been working on: Universal certificate rotation. It's an in-browser capability to rotate *any* certificate. I know that sounds impossible or even insecure but stick with me. Certificate expiry is one of the top causes of internet disruptions, and something we're very passionate about eliminating. We built Amazon Certificate Manager (ACM) with fully automated rotation. ELBs, CloudFront, and Nitro Enclaves all get this for free.
Jan 25, 2022 8 tweets 2 min read
The cryptography that is in 'crypto' is merely enough to serve as a foundation myth of mathematical purity and incorruptibility. It is a blinding lustered talisman used as privatized statecraft to support empires of scams. It is not actually good cryptography. A small thread. Computationally cheap cryptographic currencies with privacy are actually a solved problem. David Chaum pioneered it, but modern zero knowledge systems can do even more. You don't need expensive blockchains for this.
Jan 13, 2022 7 tweets 2 min read
O.k. here's my quick synopsis of this issue: @orcasec discovered and reported an issue that led to SSRF on hosts and could fetch some local host-level creds and configuration. Great find! 1/n Our response to issue reports always includes a search for any prior attempts to use the issue. We found none. 2/n
Sep 3, 2021 7 tweets 2 min read
Small thread: Now that a confirmed backdoor using the Dual_EC DRBG is in the news, it's worth revisiting two simple techniques that cryptographic protocols and software can do to make themselves more defensive: 1. public/secret separation, and 2. DRBG mixing. In s2n, we decided to have separate (per-thread) RNGs for "public" data that would appear on the wire - that's mostly Initialization Vectors, the random sections from "hello" messages, and the random jitter we add to errors - and for secret data used for keys.
Jul 19, 2021 19 tweets 3 min read
It's been a while since I've posted a tweet thread, but what better time than right now! This time is all about one of my favorite ways that an AWS customer used an ELB ... as a scheduler, or maybe even a queue. It was May 2013, back when our only ELB type was what we now call Classic Load Balancer (CLB). I remember the time because it was our first new deployment of CLB in a while.
Jun 8, 2021 4 tweets 1 min read
Recently reminded that of all of the bad ideas in SRE culture, that error budgets really are an outright toxic concept. I've only quadrupled down on that in the last few years. Even just hearing the words is like a signal to help deprogram someone. In brief:

1./ The word "budget" is way too often interpreted as "a certain amount of customer pain is something you can spend." Absolutely not. Fire people who intentionally invoke customer pain. With haste.
Jun 8, 2021 19 tweets 4 min read
iCloud Private Relay is one of the coolest things to happen in privacy and network encryption in a while. I'm going to update this thread as I learn more about it. Early impression: Overall it looks great, but I can see a few gotchas too. There are two WWDC21 talks online about it already. The first is a general overview, so it's not too detailed, but it's well crafted.
developer.apple.com/videos/play/ww…
Nov 10, 2020 7 tweets 2 min read
Gateway Load Balancer is *HUGE* and brings a capability to the cloud that has never even existed in traditional/legacy datacenter networks. It's not "just" ECMP. Flows are symmetrical, and sticky! Let me explain ... GWLB lets you spread incoming or outgoing traffic over multiple firewalls, intrusion detection devices, packet inspectors, etc. It's horizontal scaling for network appliances, running on EC2 Instances. So far so good ... that sounds like ECMP.
Nov 8, 2020 11 tweets 3 min read
Are you a US Citizen or Green Card holder who has won the tech lottery and has > $100k discretionary income? I know for sure there are some reading. Consider maxing out and donating $5000 to the Fair Fight PAC, and $2800 each to Warnock and Ossoff. Reasons ... First let's acknowledge that campaigns accepting this kind of money is an insanely corrupt practice way outside of international and democratic norms. It biases everything towards the donor class. So please don't expect anything in return ... except a functioning US democracy.
Nov 6, 2020 54 tweets 10 min read
Friday morning tweet thread: some more depth and detail on AWS Nitro Enclaves, the trusted execution environment / confidential computing platform which we launched last week. aws.amazon.com/ec2/nitro/nitr… . Let's dive in! If you're reading this thread, you're almost certainly familiar with Amazon EC2. The basics: EC2 customers can launch Instances, which are virtual servers in the cloud. "Virtual" means we make one physical machine seem like many machines. It's powered by our virtual machine tech.
Jun 29, 2020 19 tweets 5 min read
Monday morning mini-thread. I rarely re-read books, but there are essays, letters, and speeches I re-read every year or two. Here I'm going to share 11 that have an enduring impact on me. Each is great writing, but also brilliant thinking. 1. The Inner Ring by CS Lewis lewissociety.org/innerring/. I'm not a big CS Lewis fan, but in this speech he condensed so much about how the world really works, and how corruption arises, and how to resist it.
May 15, 2020 7 tweets 5 min read
@bhoflack @danluu We rejected a Maglev-like design because probabilistic LB doesn't work for the vast majority of workloads. Most customers have only 2 LB targets, they're also often slow, and subject to garbage-collection pauses. Probabilistic LB increases utilization way too much. @bhoflack @danluu It's a design that works well when you have lots of very fast, very consistent targets. You could say it worked well at Google then, but I'm not sure I'd agree. It also imposes that constraint tax on your ecosystem; teams may be forced to optimize way earlier.
Apr 24, 2020 13 tweets 3 min read
The updated Apple | Google COVID-19 exposure notification cryptography paper is here: covid19-static.cdn-apple.com/applications/c… . Going to follow up with observations as I read it. O.k. so first off; I've seen speculation that the change from HMAC to AES is to save power. I don't think this is true. The change to AES is to allow the phone to broadcast some encrypted data (the bluetooth power level) that can later be decrypted.
Feb 4, 2020 5 tweets 1 min read
Separate rant for this! Let's count some reasons ... 1. If there is any layer that is actually between layer 4 (like TCP) and layer 7 (like HTTP or SMTP) ... *surely* it is TLS. But that's not a layer in the OSI model.
Feb 4, 2020 39 tweets 7 min read
Tuesday Technical Tweet Thread Time! Let's go on the roller coaster of what happens at a low level when a DNS server sends a 4,000 byte EDNS0 response to a client whose MTU is 1200 bytes. Confused already? don't worry, we'll break it down. I promise it's super interesting. o.k. so DNS, the so-called "phonebook of the internet" (if you look the other way and ignore that that's a better metaphor for Google) ... ANYWAY ... DNS runs over the User Datagram Protocol (UDP).
Nov 5, 2019 12 tweets 4 min read
Tuesday Tweet Thread is a "Today in Infosec" one. It's 10 years since @marshray published one of my favorite TLS/SSL issues, and the best named. The Pizza Attack! Read about it in EKR's blog post from the time: educatedguesswork.org/2009/11/unders… ... @marshray In a case of "History doesn't repeat itself, but it does rhyme", the attack is similar in several ways to the latest HTTP "DESYNC" attacks. The Pizza attack hinged on inconsistencies between layers, and clever use of HTTP headers to hide requests.
Jul 23, 2019 28 tweets 7 min read
Tuesday Tweet Thread time! Today's is special. 5 pieces of programming advice: write tests, think in data structures, learn functional programming, check everything and bail on bad, and use "why" not "what" comments. Plus a small totally open $1,000 programming contest. O.k. ... First a disclaimer: I've been programming for over 30 years, and for 20 years on mission critical systems, and these are thoughts from that and from observing and helping beginners, but there are many paths to walk, and no single perfect way to program. Find what works for you!
Jul 16, 2019 13 tweets 2 min read
Tuesday Tweet thread! Today's is a small career or leadership advice thread and my advice is to argue at, and never just attend, a meeting. Remember: argue, not attend ... First, just attending a meeting, sitting there passively or whatever can be just the worst. Good chance it's a waste of your time, and if you're not contributing, no-one is getting the benefit of your insight, expertise, point of view, etc.
Jun 26, 2019 14 tweets 3 min read
At re:Inforce we revealed two previously unannounced AWS network encryption features. One is embedded in our Nitro hardware security system, the other is for network links. But I want to take a second to zoom in just on multi-party key distribution ... The root of trust in any cryptographic or authentication system is usually based on one or two things: key distribution, and high-quality randomness. With Nitro we also have our own high-quality hardware secure random number generators. Key distribution is a harder problem.