Super Small Summary:
* Zoom for Mac lets any website force your client to join a call
* With the camera turned on
* Installs a web-server that is not deleted when you remove the app
* That web-server can be used to remotely reinstall the Zoom app and do some sort of DoS on your machine.
(Not patched yet)
"strong_password v0.0.7 rubygem hijacked"
"Learnings from modern app sec teams"
Small and useful intro to threat modeling 👌
How to stop your emails from being tracked
Nice hack and can easily be adapted to use other ways of sending the notification. 🤔
Couldn't agree more.
Disabling image loading on your email clients (default option in many of them) is a must.
"Absence of certain features in IRC considered a feature" 🤔
Spring - Blender Open Movie https://video.blender.org/videos/watch/3d95fb3d-c866-42c8-9db1-fe82f48ccb95
Tor-focussed operating system Tails 3.14.2 released:
– update for Tor Browser (8.5.3)
– ⚠ the Tails OS developers strongly advise against using Tails OS 3.14.1 or earlier: https://tails.boum.org/security/sandbox_escape_in_tor_browser/index.de.html
Nice post about the lessons learned during a long career in software development.
We signed a public letter urging the German government to drop the idea of building in backdoors in all encrypted communication. It was a bad idea in 1993, it is a bad idea today.
"Getting 2FA Right in 2019"
Mozilla published a new GPG key that will be used to sign the Firefox release manifests in future:
The new GPG subkey’s fingerprint is 097B 3130 77AE 62A0 2F84 DA4D F1A6 668F BB7D 572E, and it expires 2021-05-29.
"Less capabilities, more security: minimizing privilege escalation in Docker"
"Dataclasses and attrs: when and why"