LastPass releases update for security vulnerability:
– The vulnerability allowed extracting credentials of previously-visited websites.
– Tavis Ormandy: "I think it's fair to call this 'High' severity, even if it won't work for *all* URLs."
– fixed in v4.33.0/v4.33.
"Basic Electron Framework Exploitation"
ProtonMail adds support for Web Key Directory (WKD), DANE, and MTA-STS:
– WKD is also available for external keys now
– DANE is also available for custom domains
– Besides, they added HTTP headers (Expect-CT, Public-Key-Pins-Report-Only), DNS CAA, and monitoring (e.g., TLSRPT)
– There will be an independent security audit of all Proton apps
> A lot of Chromebook and Chromebox users don't realize this, but all ChromeOS devices have an expiration date.
🤦‍♂️ Put Linux on it or don't buy this kind of stuff.
"Security analysis of <portal> element"
Some tips to increase the security of your Kubernetes cluster:
Mysterious iOS Attack Changes Everything We Know About iPhone Hacking. For two years, a handful of websites have indiscriminately hacked thousands of iPhones.
Fun fact: wizzair.com lets you set a long password, but behind the scenes it truncates it to 16 characters (because obviously every byte is precious these days, I guess?).
When you try to log in with your long long password, it fails. You have to *know* to truncate it yourself to 16 chars.
This is a major airline in 2019.
What happens when you launch your browser for the first time:
Interesting read. I was kind of disappointed to learn that:
"The http://mozilla.org tab discussing the importance of Privacy loads in the background, bringing along with it the Google Tag Manager and Google Analytics. Hello, Google."
Hey #cccamp19, you know everything you buy from Decathlon has a long-range UHF RFID tag on it, and I have a reader with 10m range?
145 unique tags scanned from a quick walk around the Milliways area.
Typechecking Django and DRF
Yikes. "The fingerprints of over 1 million people, as well as facial recognition information... was discovered on a publicly accessible database for a company used by the likes of the UK Metropolitan police, defence contractors and banks." https://www.theguardian.com/technology/2019/aug/14/major-breach-found-in-biometrics-system-used-by-banks-uk-police-and-defence-firms
Matrix of affected web servers: https://vuls.cert.org/confluence/pages/viewpage.action?pageId=56393752
"HTTP/2 Denial of Service Advisory"
"It turns out it was possible to reach across sessions and violate NT security boundaries for nearly twenty years, and nobody noticed."