"Fixers Know What ‘Repairable’ Means—Now There’s a Standard for It"
"Written communication is remote work super power"
"Exploiting Bitdefender Antivirus: RCE from any website"
"Conducting a Cloud Assessment in AWS"
OWASP Chapters All Day (June 2020):
In case you missed it, there is a collection of recent OWASP talks. The topics include security-relevant HTTP response headers, lessons learned for incident response teams (CSIRT/PSIRT), and hardening code/systems.
This is a great example of why open source is the only thing that's really worth investing your time into long term.
"Because Syncthing is free and doesn’t depend on server-side storage, they don’t need to put weird or unnatural restrictions on you."
"UtahFS is an encrypted storage system that provides a user-friendly FUSE drive backed by cloud storage."
"AWS Security Maturity Roadmap"
"Understanding Web Security Checks in Firefox"
"Two vulnerabilities in Zoom could lead to code execution"
"How did I found SSRF in Facebook — the story of my first bug bounty"
"Sandboxing nginx with systemd"
The upcoming "Feature Policy" is now called "Permissions Policy":
We already updated the relevant part of our Web server security series: https://infosec-handbook.eu/blog/wss3-tls-headers/#ex-headers
Keep in mind that the Permissions Policy isn't supported by most web browsers, so you don't need to set it at the moment. Clients ignore it.
Achieving accessibility through simplicity
Ebooks with DRM suck. We should always try to buy them from stores/places that don't use this kind of crap.
"Catalina is checking notarization of unsigned executables"
or in other words:
Apple is tracking all the executables you run on "your" computer
wow, I have no words for this...