LastPass releases update for security vulnerability:
– The vulnerability allowed extracting credentials of previously-visited websites.
– Tavis Ormandy: "I think it's fair to call this 'High' severity, even if it won't work for *all* URLs."
– fixed in v4.33.0/v4.33.
"Basic Electron Framework Exploitation"
ProtonMail adds support for Web Key Directory (WKD), DANE, and MTA-STS:
– WKD is also available for external keys now
– DANE is also available for custom domains
– They also added HTTP headers (Expect-CT, Public-Key-Pins-Report-Only), DNS CAA, and monitoring (e.g., TLSRPT)
– There will be an independent security audit of all Proton apps
> A lot of Chromebook and Chromebox users don't realize this, but all ChromeOS devices have an expiration date.
🤦♂️ Put Linux on it or don't buy this kind of stuff.
"Security analysis of <portal> element"
Some tips to increase the security of your Kubernetes cluster:
Mysterious iOS Attack Changes Everything We Know About iPhone Hacking. For two years, a handful of websites have indiscriminately hacked thousands of iPhones.
Fun fact: wizzair.com lets you set a long password, but behind the scenes it truncates it to 16 characters (because obviously every byte is precious these days, I guess?).
When you try to log in with your long long password, it fails. You have to *know* to truncate it yourself to 16 chars.
This is a major airline in 2019.
What happens when you launch your browser for the first time:
Interesting read. I was kind of disappointed to learn that:
"The http://mozilla.org tab discussing the importance of Privacy loads in the background, bringing along with it the Google Tag Manager and Google Analytics. Hello, Google."
Hey #cccamp19, you know everything you buy from Decathlon has a long-range UHF RFID tag on it, and I have a reader with 10m range?
145 unique tags scanned from a quick walk around the Milliways area.
Typechecking Django and DRF
1. Log into your WordPress site
2. Go to "Plugins", "Add New", search for "ActivityPub" plugin, install and activate it.
3. Go to "Users", then "Your Profile". Scroll down, and right at the bottom there's a new section called "Fediverse" with the blog's Fediverse address.
4. Share this address on #Mastodon etc.; people will be able to follow it by pasting it into the search box and following it!
Yikes. "The fingerprints of over 1 million people, as well as facial recognition information... was discovered on a publicly accessible database for a company used by the likes of the UK Metropolitan police, defence contractors and banks." https://www.theguardian.com/technology/2019/aug/14/major-breach-found-in-biometrics-system-used-by-banks-uk-police-and-defence-firms
Matrix of affected web servers: https://vuls.cert.org/confluence/pages/viewpage.action?pageId=56393752
"HTTP/2 Denial of Service Advisory"
"It turns out it was possible to reach across sessions and violate NT security boundaries for nearly twenty years, and nobody noticed."