Haroon Meer
@haroonmeer.canary.love
Security Geek. We build Thinkst Canary - https://canary.tools
Reposted by Haroon Meer
You can catch our @haroonmeer.canary.love on this weeks episode of Risky Business complaining about security vendors approach to security.
It's worth a listen.
risky.biz/RB814/
It's worth a listen.
risky.biz/RB814/
Risky Business #814 -- It's a bad time to be a scam compound operator - Risky Business Media
In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:* The KK Park scam compound in Myanmar [Read More]
risky.biz
November 12, 2025 at 6:01 PM
You can catch our @haroonmeer.canary.love on this weeks episode of Risky Business complaining about security vendors approach to security.
It's worth a listen.
risky.biz/RB814/
It's worth a listen.
risky.biz/RB814/
Reposted by Haroon Meer
This quarter we announced two new platforms for Canary: Oracle Cloud Infra. (OCI) & Nutanix.
Our v1 was a hardware device, but today, Canary also runs on
- GCP,
- AWS,
- VMware,
- Azure,
- Docker,
- Tailscale,
- OCI,
- Nutanix.
Still dead simple. Still "just works!"
Our v1 was a hardware device, but today, Canary also runs on
- GCP,
- AWS,
- VMware,
- Azure,
- Docker,
- Tailscale,
- OCI,
- Nutanix.
Still dead simple. Still "just works!"
October 30, 2025 at 12:44 PM
This quarter we announced two new platforms for Canary: Oracle Cloud Infra. (OCI) & Nutanix.
Our v1 was a hardware device, but today, Canary also runs on
- GCP,
- AWS,
- VMware,
- Azure,
- Docker,
- Tailscale,
- OCI,
- Nutanix.
Still dead simple. Still "just works!"
Our v1 was a hardware device, but today, Canary also runs on
- GCP,
- AWS,
- VMware,
- Azure,
- Docker,
- Tailscale,
- OCI,
- Nutanix.
Still dead simple. Still "just works!"
Startup Idea: A safe way for CEO's to request staff members to acquire gift-cards...
October 16, 2025 at 8:06 AM
Startup Idea: A safe way for CEO's to request staff members to acquire gift-cards...
I honestly don’t mind if Trump gets a Nobel for stopping the slaughter in Gaza.
We’ve destroyed so many other post-war global institutions over this insanity, one more won’t hurt 🤷♂️
We’ve destroyed so many other post-war global institutions over this insanity, one more won’t hurt 🤷♂️
October 9, 2025 at 5:08 PM
I honestly don’t mind if Trump gets a Nobel for stopping the slaughter in Gaza.
We’ve destroyed so many other post-war global institutions over this insanity, one more won’t hurt 🤷♂️
We’ve destroyed so many other post-war global institutions over this insanity, one more won’t hurt 🤷♂️
Reposted by Haroon Meer
Canary tokens are incredible, bravo @thinkstcanary.canary.tools
September 26, 2025 at 3:47 PM
Canary tokens are incredible, bravo @thinkstcanary.canary.tools
Reposted by Haroon Meer
Leighton & Sharukh just snuck a quick update into canarytokens.org to allow you to easily manage all the tokens you've previously created.
Still just $0.00
Still one of the best things you can do to detect attackers before they dig in...
Still just $0.00
Still one of the best things you can do to detect attackers before they dig in...
September 24, 2025 at 5:28 PM
Leighton & Sharukh just snuck a quick update into canarytokens.org to allow you to easily manage all the tokens you've previously created.
Still just $0.00
Still one of the best things you can do to detect attackers before they dig in...
Still just $0.00
Still one of the best things you can do to detect attackers before they dig in...
It’s so disingenuous to keep pushing Palestinian liberation further down the the road..
The “doing X now only hampers long term success” argument can’t be used after decades of failure..
We’ve tried the alternative - let’s try ending the occupation?
The “doing X now only hampers long term success” argument can’t be used after decades of failure..
We’ve tried the alternative - let’s try ending the occupation?
September 21, 2025 at 5:31 PM
It’s so disingenuous to keep pushing Palestinian liberation further down the the road..
The “doing X now only hampers long term success” argument can’t be used after decades of failure..
We’ve tried the alternative - let’s try ending the occupation?
The “doing X now only hampers long term success” argument can’t be used after decades of failure..
We’ve tried the alternative - let’s try ending the occupation?
Rome takes their FLOSS licenses seriously..
September 20, 2025 at 3:36 PM
Rome takes their FLOSS licenses seriously..
Reposted by Haroon Meer
Today we released our new (free) AWS Infrastructure Canarytoken on canarytokens.org.
It catches attackers in your AWS account by putting tempting assets in their way and alerting you if they get probed.
(1 of 3)
It catches attackers in your AWS account by putting tempting assets in their way and alerting you if they get probed.
(1 of 3)
September 15, 2025 at 4:36 PM
Today we released our new (free) AWS Infrastructure Canarytoken on canarytokens.org.
It catches attackers in your AWS account by putting tempting assets in their way and alerting you if they get probed.
(1 of 3)
It catches attackers in your AWS account by putting tempting assets in their way and alerting you if they get probed.
(1 of 3)
This talk by Ollie Whitehouse is worth watching for Cybersecurity vendors, startups and purchasers.
0 hype, with a bunch of plain-talk current and future challenges (and opportunities).
Vendors: do better..
Buyers: demand better..
youtu.be/UVNMozEgYtY?...
0 hype, with a bunch of plain-talk current and future challenges (and opportunities).
Vendors: do better..
Buyers: demand better..
youtu.be/UVNMozEgYtY?...
The Wicked Problems and Opportunities of Cyber - Ollie Whitehouse
YouTube video by BSides Bournemouth
youtu.be
September 6, 2025 at 12:12 PM
This talk by Ollie Whitehouse is worth watching for Cybersecurity vendors, startups and purchasers.
0 hype, with a bunch of plain-talk current and future challenges (and opportunities).
Vendors: do better..
Buyers: demand better..
youtu.be/UVNMozEgYtY?...
0 hype, with a bunch of plain-talk current and future challenges (and opportunities).
Vendors: do better..
Buyers: demand better..
youtu.be/UVNMozEgYtY?...
Reposted by Haroon Meer
Most of the company is in CapeTown this week for our annual ThinkstCon.
This means lots of green stuff, and lots of padel.
💪💚
This means lots of green stuff, and lots of padel.
💪💚
September 1, 2025 at 9:04 PM
Most of the company is in CapeTown this week for our annual ThinkstCon.
This means lots of green stuff, and lots of padel.
💪💚
This means lots of green stuff, and lots of padel.
💪💚
Reposted by Haroon Meer
It's our birthday, so we created a tiny skunk(worksy) game for you to play..
Complete all 7 continents, and we will send you a limited-edition, 10-year t-shirt.
Have fun!! (but watch out for the Canaries)
canary.tools/10-year
Complete all 7 continents, and we will send you a limited-edition, 10-year t-shirt.
Have fun!! (but watch out for the Canaries)
canary.tools/10-year
August 29, 2025 at 5:24 PM
It's our birthday, so we created a tiny skunk(worksy) game for you to play..
Complete all 7 continents, and we will send you a limited-edition, 10-year t-shirt.
Have fun!! (but watch out for the Canaries)
canary.tools/10-year
Complete all 7 continents, and we will send you a limited-edition, 10-year t-shirt.
Have fun!! (but watch out for the Canaries)
canary.tools/10-year
Reposted by Haroon Meer
In April this year, @grafana.bsky.social had a security incident due to an insecure GitHub Action. The attackers even tried covering their tracks.
How were they discovered? Canarytokens..
Check out their post¹ on how they use our tokens at scale..
__
¹ grafana.com/blog/2025/08...
How were they discovered? Canarytokens..
Check out their post¹ on how they use our tokens at scale..
__
¹ grafana.com/blog/2025/08...
Canary tokens: Learn all about the unsung heroes of security at Grafana Labs | Grafana Labs
Learn why the use of canary tokens let us spot a recent intrusion and swarm quickly in response, and find out why you should be using canary tokens to prevent serious security incidents in the future.
grafana.com
August 27, 2025 at 10:02 AM
In April this year, @grafana.bsky.social had a security incident due to an insecure GitHub Action. The attackers even tried covering their tracks.
How were they discovered? Canarytokens..
Check out their post¹ on how they use our tokens at scale..
__
¹ grafana.com/blog/2025/08...
How were they discovered? Canarytokens..
Check out their post¹ on how they use our tokens at scale..
__
¹ grafana.com/blog/2025/08...
Reposted by Haroon Meer
How do you know you're compromised?
Read my newest article to see how we used canary tokens to detect an attack on our infrastructure.
grafana.com/blog/2025/08...
Read my newest article to see how we used canary tokens to detect an attack on our infrastructure.
grafana.com/blog/2025/08...
Canary tokens: Learn all about the unsung heroes of security at Grafana Labs | Grafana Labs
Learn why the use of canary tokens let us spot a recent intrusion and swarm quickly in response, and find out why you should be using canary tokens to prevent serious security incidents in the future.
grafana.com
August 26, 2025 at 8:20 AM
How do you know you're compromised?
Read my newest article to see how we used canary tokens to detect an attack on our infrastructure.
grafana.com/blog/2025/08...
Read my newest article to see how we used canary tokens to detect an attack on our infrastructure.
grafana.com/blog/2025/08...
I know academic papers usually prefer to do vendor neutral studies, but it would be fun to see an empirical study of security-vendor-X through the ages.
“Rarely is the question asked: Is our c̵h̵i̵l̵d̵r̵e̵n̵ vendors learning?”
“Rarely is the question asked: Is our c̵h̵i̵l̵d̵r̵e̵n̵ vendors learning?”
August 26, 2025 at 1:14 PM
I know academic papers usually prefer to do vendor neutral studies, but it would be fun to see an empirical study of security-vendor-X through the ages.
“Rarely is the question asked: Is our c̵h̵i̵l̵d̵r̵e̵n̵ vendors learning?”
“Rarely is the question asked: Is our c̵h̵i̵l̵d̵r̵e̵n̵ vendors learning?”
At BlackHat this year we paid a student to walk the business hall (for both days) to collect as much swag as possible.
We wondered if we would learn anything useful from it.
Prelim. findings are not particularly interesting 🤷♂️
We wondered if we would learn anything useful from it.
Prelim. findings are not particularly interesting 🤷♂️
August 22, 2025 at 7:39 AM
At BlackHat this year we paid a student to walk the business hall (for both days) to collect as much swag as possible.
We wondered if we would learn anything useful from it.
Prelim. findings are not particularly interesting 🤷♂️
We wondered if we would learn anything useful from it.
Prelim. findings are not particularly interesting 🤷♂️
Reposted by Haroon Meer
"We had good success with your canaries at ..."
"I would like to intro my (new) team at ...."
10 years in && we still do 0 outbound sales.
We've had the best customers since day-1!
💪💚
"I would like to intro my (new) team at ...."
10 years in && we still do 0 outbound sales.
We've had the best customers since day-1!
💪💚
August 15, 2025 at 5:40 PM
"We had good success with your canaries at ..."
"I would like to intro my (new) team at ...."
10 years in && we still do 0 outbound sales.
We've had the best customers since day-1!
💪💚
"I would like to intro my (new) team at ...."
10 years in && we still do 0 outbound sales.
We've had the best customers since day-1!
💪💚
I thought Ezra Klein came across badly when he & Ta-Nehisi talked Israel/Palestine¹ - but he did the same discussing “Genocide” with Phillipe Sands².
Sands: it’s not complex, splitting hairs is a distraction
Klein: let’s split some hairs
__
¹ youtu.be/Tg77CiqQSYk?...
² youtu.be/RrhBypHFYPY?...
Sands: it’s not complex, splitting hairs is a distraction
Klein: let’s split some hairs
__
¹ youtu.be/Tg77CiqQSYk?...
² youtu.be/RrhBypHFYPY?...
Ta-Nehisi Coates on Israel: ‘I Felt Lied To.’
YouTube video by The Ezra Klein Show
youtu.be
August 13, 2025 at 2:31 PM
I thought Ezra Klein came across badly when he & Ta-Nehisi talked Israel/Palestine¹ - but he did the same discussing “Genocide” with Phillipe Sands².
Sands: it’s not complex, splitting hairs is a distraction
Klein: let’s split some hairs
__
¹ youtu.be/Tg77CiqQSYk?...
² youtu.be/RrhBypHFYPY?...
Sands: it’s not complex, splitting hairs is a distraction
Klein: let’s split some hairs
__
¹ youtu.be/Tg77CiqQSYk?...
² youtu.be/RrhBypHFYPY?...
Reposted by Haroon Meer
A friendly reminder from your Canary Console that if you are in the Northern Hemisphere, you can probably check out the Perseid meteor shower this week..
💪💚💫
💪💚💫
August 11, 2025 at 4:32 PM
A friendly reminder from your Canary Console that if you are in the Northern Hemisphere, you can probably check out the Perseid meteor shower this week..
💪💚💫
💪💚💫
Reposted by Haroon Meer
BlackHat boothing was great. We got to hang-out with customers & chat Canary with a bunch of new folks..
Our booth has changed, our tech has levelled up (by orders of magnitude) but it's the same price¹ as always, & still "just works!"
__
¹ Still never increased prices since year-1
Our booth has changed, our tech has levelled up (by orders of magnitude) but it's the same price¹ as always, & still "just works!"
__
¹ Still never increased prices since year-1
August 8, 2025 at 7:09 PM
BlackHat boothing was great. We got to hang-out with customers & chat Canary with a bunch of new folks..
Our booth has changed, our tech has levelled up (by orders of magnitude) but it's the same price¹ as always, & still "just works!"
__
¹ Still never increased prices since year-1
Our booth has changed, our tech has levelled up (by orders of magnitude) but it's the same price¹ as always, & still "just works!"
__
¹ Still never increased prices since year-1
1) I totally think that LLMs are amazing;
2) The BlackHat showroom floor was embarrassingly covered in AI/Agentic/*
2) The BlackHat showroom floor was embarrassingly covered in AI/Agentic/*
August 8, 2025 at 4:46 PM
1) I totally think that LLMs are amazing;
2) The BlackHat showroom floor was embarrassingly covered in AI/Agentic/*
2) The BlackHat showroom floor was embarrassingly covered in AI/Agentic/*
So long Vegas. Was leet meeting customers and old friends, but I’m out early.
August 8, 2025 at 2:25 AM
So long Vegas. Was leet meeting customers and old friends, but I’m out early.
Reposted by Haroon Meer
The 2025, Q2 edition of ThinkstScapes is now available for download¹ at thinkst.com/ts
If you are in Vegas for BlackHat, swing by our booth for a hard copy.
This edition tracks "over 1,450 talks & papers & almost 1,400 blog posts"
__
¹ As always, completely free
If you are in Vegas for BlackHat, swing by our booth for a hard copy.
This edition tracks "over 1,450 talks & papers & almost 1,400 blog posts"
__
¹ As always, completely free
August 6, 2025 at 4:31 PM
The 2025, Q2 edition of ThinkstScapes is now available for download¹ at thinkst.com/ts
If you are in Vegas for BlackHat, swing by our booth for a hard copy.
This edition tracks "over 1,450 talks & papers & almost 1,400 blog posts"
__
¹ As always, completely free
If you are in Vegas for BlackHat, swing by our booth for a hard copy.
This edition tracks "over 1,450 talks & papers & almost 1,400 blog posts"
__
¹ As always, completely free