TPM-FAIL – security vulnerabilities in Trusted Platform Modules:
http://tpm.fail/tpmfail.pdf (PDF file)
– Affected are Intel's Platform Trust Technology (PTT) and the ST33 TPM chip (STMicroelectronics). TPMs from Nuvoton/Infineon aren't affected.
– A remote attacker could retrieve certain private keys (e.g., as used by ECDSA).
– Intel provides a firmware update; vulnerable ST33 chips can't be patched.
"Keylogging users via Slack themes"
How secrets are handled at Monzo:
"HSTS From Top to Bottom or GTFO"
This is one of the reasons the "HTTPS Everywhere" extension is still relevant.
"Bypassing GitHub's OAuth flow"
"Use antitrust to promote interoperability, says Cory Doctorow, an author and tech activist"
"Stealing private keys from a secure file sharing service"
XXE to RCE in XML plugins for VS Code, Eclipse and other software based on LSP4XML.
Be careful with those blacklists.
"Roads" by Max Böck https://mxb.dev/blog/roads/
Brilliant satire on modern web development.
"Projects vs Tasks"
Several years too late, but built-in PGP support is coming to Thunderbird.