Let's build a Chrome extension that steals everything
Doesn't cover getting past review, but another reminder to be paranoid careful about adding browser extensions.
Doesn't cover getting past review, but another reminder to be paranoid careful about adding browser extensions.
I like the idea, kinda agree with "this cheat sheet is likely to be come your weakest link in your security threat model" - where should you keep it?!
via hn
Amazing writeup.
If you wouldn't let someone pull up a folding chair in your bathroom to Learn and Be Curious while watching you poop, don't let them have access to your email.
Watch your egress. Firewalls work both ways. Carefully monitor outbound traffic.
The story of trying to track down your instagram double.
via HN
Security Advisories / Bulletins / Vendor Responses linked to Log4Shell (CVE-2021-44228)
Good and sufficiently scary summary
cooool...
Thanks Alexandria \U0001F49C
Excellent writeup. The CORS example dot points are a great example of good clear security explanations.
Reading this made me feel a little more justified in my general distrust of browser extensions. They have so much potential power!
Subtitle explains it - America’s biggest vulnerability in cyberwarfare is hubris. Shoting "this is 'murica" doesn't protect your data.
Cool glitchy animated drawings in the article.
Good year to do this I guess. It definitely does need to be easier, that is probably a matter of keeping notes for "here are places I need to update when I change this key".
See all tags.