"Cultivate good ideas. But don't be in a rush to execute on all of them; let the bad ideas fall away. Wait until you feel the strong pull of the market; then start executing."
@valleyforge agree, we must be very careful with how this stuff is done.
If done right, it can be much much better than the low-tech solutions, but it is very hard to get it right.
"Estonian Electronic Identity Card: Security Flaws in Key Management"
– Afterward, the data is exfiltrated as an image via GET/POST to another server.
– As a server admin, update the server software frequently, and monitor both file integrity and network traffic. Moreover, set a strict Content Security Policy.
"Fixers Know What ‘Repairable’ Means—Now There’s a Standard for It"
"Written communication is remote work super power"
@infosechandbook while keys.openpgp.org seems nice, the centralization here is a bit weird.
Wouldn't something like the "Web key directory" be a much better approach to publish our public keys?
"Exploiting Bitdefender Antivirus: RCE from any website"
"Conducting a Cloud Assessment in AWS"
OWASP Chapters All Day (June 2020):
In case you missed it, there is a collection of recent OWASP talks. The topics include security-relevant HTTP response headers, lessons learned for incident response teams (CSIRT/PSIRT), and hardening code/systems.
This is a great example of why open source is the only thing that's really worth investing your time into long term.
"Because Syncthing is free and doesn’t depend on server-side storage, they don’t need to put weird or unnatural restrictions on you."
"UtahFS is an encrypted storage system that provides a user-friendly FUSE drive backed by cloud storage."
"AWS Security Maturity Roadmap"
"Understanding Web Security Checks in Firefox"
@carlchenet Good one 😂