Let's build a Chrome extension that steals everything
Doesn't cover getting past review, but another reminder to be paranoid careful about adding browser extensions.
surprising(?) amount of biased claims in there. "I have had great luck with phone x", some hating on google for login screens, etc.
I like the idea, kinda agree with "this cheat sheet is likely to become your weakest link in your security threat model" - where should you keep it?!
via hn
the things of nightmares
Amazing writeup.
If you wouldn't let someone pull up a folding chair in your bathroom to Learn and Be Curious while watching you poop, don't let them have access to your email.
Scan your LAN for loose samba shares
The story of trying to track down your instagram double.
via HN
crazy concept!
this is wild. "It's pretty incredible, and at the same time, pretty terrifying" is about right.
Security Advisories / Bulletins / Vendor Responses linked to Log4Shell (CVE-2021-44228)
Good and sufficiently scary summary
Solution:
sudo rm -r /etc/pacman.d/gnupg
sudo pacman-key --init
sudo pacman-key --populate archlinux
sudo pacman-key --refresh-keys
sudo pacman -Sy gnupg archlinux-keyring
sudo pacman -Sc
Interesting take on the differences in impact between large scale vs individual differences.
Thanks Alexandria 💜
Excellent writeup. The CORS example dot points are a great example of good clear security explanations.
Reading this made me feel a little more justified in my general distrust of browser extensions. They have so much potential power!
From hackernews.
GitLab security scanning has a similar issue of false positives (many Node security vulns in frontend-only code). But at least they can be marked as resolved!
To check a bitly link, add + to the end of the URL.
Subtitle explains it - America’s biggest vulnerability in cyberwarfare is hubris. Shouting "this is 'murica" doesn't protect your data.
Cool glitchy animated drawings in the article.
Good year to do this I guess. It definitely does need to be easier, that is probably a matter of keeping notes for "here are places I need to update when I change this key".
Auto-delete as a default is good - the permanence of random new services is always worrying.
Course is WIP, chapters are all very short but shows promise. Some good other links to courses and material in HN thread
Excellent tips. Reading this makes me feel like my security is atrocious
I have been obsessed with rsync lately
.env files were the thing that made me stop pasting credentials directly in my WIP files.