OWASP Chapters All Day (June 2020):
In case you missed it, there is a collection of recent OWASP talks. The topics include security-relevant HTTP response headers, lessons learned for incident response teams (CSIRT/PSIRT), and hardening code/systems.
This is a great example of why open source is the only thing that's really worth investing your time into long term.
"Because Syncthing is free and doesn’t depend on server-side storage, they don’t need to put weird or unnatural restrictions on you."
"UtahFS is an encrypted storage system that provides a user-friendly FUSE drive backed by cloud storage."
"AWS Security Maturity Roadmap"
"Understanding Web Security Checks in Firefox"
"Two vulnerabilities in Zoom could lead to code execution"
"How did I found SSRF in Facebook — the story of my first bug bounty"
"Sandboxing nginx with systemd"
The upcoming "Feature Policy" is now called "Permissions Policy":
We already updated the relevant part of our Web server security series: https://infosec-handbook.eu/blog/wss3-tls-headers/#ex-headers
Keep in mind that the Permissions Policy isn't supported by most web browsers, so you don't need to set it at the moment. Clients ignore it.
Achieving accessibility through simplicity
Ebooks with DRM suck. We should always try to buy them from stores/places that don't use this kind of crap.
"Catalina is checking notarization of unsigned executables"
or in other words:
Apple is tracking all the executables you run on "your" computer
wow, I have no words for this...
(From medium.com): Stealing Secrets from Developers using Websockets https://medium.com/@stestagg/stealing-secrets-from-developers-using-websockets-254f98d577a0
"Security scanners for Python and Docker: from code to dependencies"
"Google bans Podcast Addict app after 9 years for letting users play podcasts that reference COVID-19" -> https://reclaimthenet.org/google-play-suspends-podcast-addict/
"Google bans my events app for referencing Covid-19, or related terms" -> https://news.ycombinator.com/item?id=23221447
"Ask HN: How long has Google been censoring YouTube comments critical of China?" -> https://news.ycombinator.com/item?id=23221264
"Google deletes “communist bandits” 共匪 comments on Youtube globally." -> https://news.ycombinator.com/item?id=23223219
🤔 Is there a new trend here? or just an old one?
"European Parliament strongly recommends any software developed by and for the EU institutions to be made publicly available under Free and Open Source Software licence"
"You don't need an image to run a container"