posts @ https://blog.lizzie.io
Hey, I'm Lizzie Dixon. I'm a computer security researcher living in San Francisco and writing about vulnerabilities and software projects.
Like what I write? Interested how I could help with your company or project? I do consulting work, typically for growing startups. Here's what that usually looks like:
- A one- or two-week-long engagement to get you off on the right foot security-wise. I'll explore your codebase for vulnerabilities and help your team understand the kinds of issues that threaten your company and product.
- A periodic engagement, often quarterly or monthly, where I review particular areas of code, read pull requests, and address outstanding concerns.
We'll also schedule longer, one-off engagements as bigger projects come up. Throughout this all I'll work to document my findings and recommendations and help you build a strong, security-aware team and culture.
I'd love to discuss any of this over coffee. You can reach me at firstname.lastname@example.org. ☕
- 2018-07-18 Clickjacking Chrome Extensions: a year-old bug in PrivacyBadger.
- 2018-07-13 Preventing USB Attacks with
linux-hardened: an update for a post-Grsecurity world.
- 2017-03-27 Breaking KASLR with
perf: sampling addresses with
- 2016-12-12 Preventing USB Attacks with Grsecurity: BadUSB, poisontap, et al.
- 2016-11-03 CVE-2016-6321 notes: "pointyfeather", a logic bug in GNU tar.
- 2016-10-22 Using
userfaultfd: sample code!
- 2016-10-17 Linux containers in 500 lines of code: …and 3000 lines of text.
- 2016-10-14 Exploiting CVE-2016-8606: a cross-protocol attack from browsers to Guile Scheme repls!
- 2016-10-06 Notes about CVE-2016-7117: a use-after-free in the Linux kernel, in