Again? Who thought this was a good idea?
This is quite scary, beware.
Backdoor in event-stream library dependency - https://github.com/dominictarr/event-stream/issues/116
Plain-text passwords strike again. But at least this stuff is starting to get some attention and "companies" are being fined.
List of web security issues and tricks that we should be aware of:
Debunking 5 common web security and privacy myths:
– "external scanning of websites discovers all issues"
– "random HTTP response headers mean security"
– "HTTPS means security"
– "external content is bad"
– "JS/Cookies are bad"
Nice post showing how PostgreSQL's "PQexecParams" and "server-side prepared statements" can help you easily avoid SQL injections.
"What is best vs What looks best"
StefanKeller: Re MAPTCHA - ReMAPTCHA - A free, map-based anti-spam service that enhances OpenStreetMap
At last, some tools to stop working for free for Google and contribute to the commons while reducing spam!
Cool post about the complexities of doing proper crash reporting in Python desktop applications:
"VirtualBox E1000 Guest-to-Host Escape"
Bleeding Bit: two critical vulnerabilities in Bluetooth Low Energy (BLE) chips embedded in millions of enterprise access points and networking devices.
– CVE-2018-16986 and CVE-2018-7080
– affected chips are embedded in devices of Cisco, Meraki, Aruba and others
– Cisco and Aruba state that BLE chips are disabled by default
– most suppliers released patches
Nice thread with great quotes from the book: “It doesn’t have to be crazy at work”. 👍