"Roads" by Max Böck mxb.dev/blog/roads/

Brilliant satire on modern web development.

darkport.co.uk/blog/ahh-shhgit

👍 tldr: Do not commit secrets to your code repo. There are some tools available to help detect and avoid when it happens accidentally.

"Samsung: Anyone's thumbprint can unlock Galaxy S10 phone"

bbc.com/news/technology-500805

"biometrics" 🤷‍♂️

@tennoseremel but this one they addressed pretty quickly:

debian.org/security/2019/dsa-4

Stretch and Buster already have fixes available.

> When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295.

sudo.ws/alerts/minus_1_uid.htm

ECSM 2019 – Tips for your cyber hygiene:

infosec-handbook.eu/blog/ecsm2

We present about 20 quick actions to keep or improve your level of information security in day-to-day life. Feel free to share your tips.

#ecsm2019 #ecsm #cyberhygiene #security #infosec #cybersecurity

"There *was* a logic error in Signal that can cause an incoming call to be answered even if the callee does not pick it up."

bugs.chromium.org/p/project-ze

"In summary, usage of the package key to rename dependencies in Cargo.toml is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo will ignore package and download the wrong dependency"

blog.rust-lang.org/2019/09/30/

LastPass releases update for security vulnerability:

bugs.chromium.org/p/project-ze

– The vulnerability allowed extracting credentials of previously-visited websites.
– Tavis Ormandy: "I think it's fair to call this 'High' severity, even if it won't work for *all* URLs."
– fixed in v4.33.0/v4.33.

#lastpass #security #vulnerability #tavisormandy #projectzero #infosec #cybersecurity

On using certificate authentication with SSH:

smallstep.com/blog/use-ssh-cer

A good and open source tool to help you with this is HashiCorp's Vault.

ProtonMail adds support for Web Key Directory (WKD), DANE, and MTA-STS:

protonmail.com/blog/security-u

– WKD is also available for external keys now
– DANE is also available for custom domains
– Besides, they added HTTP headers (Expect-CT, Public-Key-Pins-Report-Only), DNS CAA, and monitoring (e.g., TLSRPT)
– There will be an independent security audit of all Proton apps

#protonmail #gpg #infosec #security #cybersecurity #openpgp #wkd #wks #dane #mtasts
