"The Service Mesh: What Every Software Engineer Needs to Know about the World's Most Over-Hyped Technology"

servicemesh.io/

Hmmm :thinking:

"The case of the $20000 cookie"

arstechnica.com/information-te

> The outsider ... had been communicating late last month with one of the company’s security analysts. In one message, the HackerOne analyst sent the community member parts of a cURL command that mistakenly included a valid session cookie that gave anyone with possession of it the ability to read and partially modify data the analyst had access to.

"Authentication vulnerabilities in OpenBSD"

seclists.org/oss-sec/2019/q4/1

(A patch that fixes the issue has already been released)

Malicious Python libraries stealing OpenPGP and SSH keys:

zdnet.com/article/two-maliciou

– Look for python3-dateutil, and jeIlyfish.
– Both modules try to exfiltrate SSH/OpenPGP keys and send them to an IP address.
– This is the third time the PyPI team has intervened to remove typo-squatted malicious Python libraries from the official repository.

#python #malware #pypi #infosec #security #cybersecurity

Mozilla ranks products from "not creepy" to "super creepy" in terms of privacy, explaining the reasons behind every score.
foundation.mozilla.org/en/priv

learnxinyminutes.com/

hmmm, might be useful to have a very quick look at how a given tool or programming language works.

"Help stop the sale of Public Interest Registry to a Private Equity Firm"

savedotorg.org

"Internet world despairs as non-profit .org sold for $$$$ to private equity firm, price caps axed"

theregister.co.uk/2019/11/20/o

🤦‍♂️

TPM-FAIL – security vulnerabilities in Trusted Platform Modules:

tpm.fail/tpmfail.pdf (PDF file)

– Affected are Platform Trust Technology (Intel) and the ST33 TPM chip (STMicroelectronics). TPMs from Nuvoton/Infineon aren't affected.
– A remote attacker could retrieve certain private keys (e.g., as used by ECDSA).
– Intel provides a firmware update; vulnerable ST33 chips can't be patched.

#tpm #tpmfail #sidechannel #attack #vulnerability #infosec #security #cybersecurity

"TL;DR: an attacker can mount a RIDL attack despite the in-silicon mitigations/microcode patches published in May 2019 being in place."

mdsattacks.com/#ridl-ng


This is a personal and private instance.