"Cultivate good ideas. But don't be in a rush to execute on all of them; let the bad ideas fall away. Wait until you feel the strong pull of the market; then start executing."


"django-two-factor-auth versions 1.11 and before store the user's password in clear text in the user session (base64-encoded)."


@valleyforge agree, we must be very careful with how this stuff is done.
If done right, it can be much, much better than the low-tech solutions, but it is very hard to get it right.

Malicious JavaScript in image metadata used to steal data; then, images are used again to exfiltrate data:


– Malware uses Exif metadata to inject JavaScript that steals data.
– Afterward, the data is exfiltrated as an image via GET/POST to another server.
– As a server admin, frequently update the server software, and monitor file integrity + network traffic. Moreover, set a strict Content Security Policy.

#malware #image #metadata #exif #infosec #security

@infosechandbook while keys.openpgp.org seems nice, the centralization here is a bit weird.
Wouldn't something like the "Web key directory" be a much better approach to publish our public keys?

OWASP Chapters All Day (June 2020):
In case you missed it, there is a collection of recent OWASP talks. The topics include security-relevant HTTP response headers, lessons learned for incident response teams (CSIRT/PSIRT), and hardening code/systems.


#owasp #infosec #talks #security #cybersecurity

This is a great example of why open source is the only thing that's really worth investing your time into long term.

"Because Syncthing is free and doesn't depend on server-side storage, they don't need to put weird or unnatural restrictions on you."


"UtahFS is an encrypted storage system that provides a user-friendly FUSE drive backed by cloud storage."

