Tagged “infosec”

Doesn't cover getting past review, but another reminder to be paranoid careful about adding browser extensions.

I like the idea, kinda agree with "this cheat sheet is likely to be come your weakest link in your security threat model" - where should you keep it?!

via hn

Amazing writeup.

1. install all updates
2. use a password manager
3. Turn on disk encryption. Replacing a laptop is preferable than leaking data
4. SSH keys in secure enclaces. Private key never leaves device. Public keys on github
5. Block ads. "when third-party ad platforms started becoming attack vectors, I got religion on this."
6. Use MFA, prefer physical keys

If you wouldn't let someone pull up a folding chair in your bathroom to Learn and Be Curious while watching you poop, don't let them have access to your email.

Watch your egress. Firewalls work both ways. Carefully monitor outbound traffic.

The story of trying to track down your instagram double.

via HN

Security Advisories / Bulletins / Vendor Responses linked to Log4Shell (CVE-2021-44228)

Good and sufficiently scary summary

cooool...

Thanks Alexandria \U0001F49C

Excellent writeup. The CORS example dot points are a great example of good clear security explanations.

Reading this made me feel a little more justified in my general distrust of browser extensions. They have so much potential power!

Subtitle explains it - America’s biggest vulnerability in cyberwarfare is hubris. Shoting "this is 'murica" doesn't protect your data.

Cool glitchy animated drawings in the article.

Good year to do this I guess. It definitely does need to be easier, that is probably a matter of keeping notes for "here are places I need to update when I change this key".