#GitLab Critical Security Release: 11.5.3, 11.4.10, 11.3.12 | GitLab
Cool article about the whole infrastructure behind HTTPS and TLS:
Typically monocultures are bad, and we are approaching one on the web.
"Remotely Hijacking Zoom Clients", a nice explanation of the vulnerability:
Again? Who thought this was a good idea?
Ohh boy, here we go again! So where should I start checking (project dependencies, installed apps on the desktop, ...)?
Is there any tldr?
This is quite scary, beware.
Backdoor in event-stream library dependency - https://github.com/dominictarr/event-stream/issues/116
Plain-text passwords strike again. But at least this stuff is starting to get some attention and "companies" being fined.
List of web security issues and tricks that we should be aware of:
Debunking 5 common web security and privacy myths:
– "external scanning of websites discovers all issues"
– "random HTTP response headers mean security"
– "HTTPS means security"
– "external content is bad"
– "JS/Cookies are bad"
Nice post showing how PostgreSQL's "PQexecParams" and "server-side prepared statements" can help you easily avoid SQL injections.
"What is best vs What looks best"
StefanKeller: Re MAPTCHA - ReMAPTCHA - A free, map-based anti-spam service that enhances OpenStreetMap
At last, some tools to stop working for free for Google and contribute to the commons while reducing spam!