"How containers work: overlayfs"
"The Service Mesh: What Every Software Engineer Needs to Know about the World's Most Over-Hyped Technology"
Hmmm : thinking:
"The case of the $20000 cookie"
> The outsider ... had been communicating late last month with one of the company’s security analysts. In one message, the HackerOne analyst sent the community member parts of a cURL command that mistakenly included a valid session cookie that gave anyone with possession of it the ability to read and partially modify data the analyst had access to.
Malicious Python libraries stealing OpenPGP and SSH keys:
– Look for python3-dateutil, and jeIlyfish.
– Both modules try to exfiltrate SSH/OpenPGP keys and send them to an IP address.
– This is the third time the PyPI team intervenes to remove typo-squatted malicious Python libraries from the official repository.
"Spot the security problem" advent.
"Visualizing the distribution of trusted CA’s"
"Learn two languages"
Solid advise! Not just 2 but at least 2.
Mozilla ranks products from "not creepy" to "super creepy" in terms of privacy, explaining the reasons behind every score.
hmmm, might be useful to have a very quick look on how a given tool or programming language works.
Small intro to accessibility
"Internet world despairs as non-profit .org sold for $$$$ to private equity firm, price caps axed"
"We can't send email more than 500 miles"
Entertaining story :)
"New NextCry Ransomware Encrypts Data on NextCloud Linux Servers"
TPM-FAIL – security vulnerabilities in Trusted Platform Modules:
http://tpm.fail/tpmfail.pdf (PDF file)
– Affected are Platform Trust Technology (Intel), and ST33 TPM chip (STMicroelectronics). TPMs from Nuvoton/Infineon aren't affected.
– A remote attacker could retrieve certain private keys (e.g., as used by ECDSA).
– Intel provides a firmware update; vulnerable ST33 chips can't be patched.