"“Quantum-Safe” Crypto Hacked by 10-Year-Old PC"
A dozen malicious Python packages were uploaded to the PyPI repository this weekend in a typosquatting campaign; the packages perform DDoS attacks on a Counter-Strike 1.6 server.
"Twilio Incident: What Signal Users Need to Know"
"The Zoom installer let a researcher hack his way to root access on macOS"
"PyPI Package 'secretslib' Drops Fileless Linux Malware to Mine Monero"
"iOS Privacy: Instagram and Facebook can track anything you do on any website in their in-app browser"
Pertinent question: Could a website protect its users by using a good CSP? Or is Meta also able to strip it?
Incident Report: Employee and Customer Account Compromise - August 4, 2022
"To Uncover a Deepfake Video Call, Ask the Caller to Turn Sideways"
"Abusing the Replicator: Silently Exfiltrating Data with the AWS S3 Replication Service"
Dpaste now has a '.well-known/security.txt' file to aid in the reporting of any discovered vulnerabilities. https://securitytxt.org/
"Apple’s Lockdown Mode"
"The dangers of Microsoft Pluton"
"Vodafone & Deutsche Telekom to introduce persistent user tracking"
Roberta Arcoverde, Director at Stack Overflow, previously a staff engineer and tech lead:
Stack Overflow platform:
* .. backed by just 9 servers,
* .. run on-prem from own data center (not cloud),
* .. team of 50 engineers (up from 10 in 2014),
* .. deployed as monolith in 4 min multiple times daily,
* .. pragmatic, ignore trends like k8s and microservices.
> Giving SQL 1.5 TB of RAM was more effective than caching page fragments in Redis.