Tagged “security”

Doesn't cover getting past review, but another reminder to be paranoid careful about adding browser extensions.

surprising(?) amount of biased claims in there. "I have had great luck with phone x", some hating on google for login screens, etc.

I like the idea, kinda agree with "this cheat sheet is likely to be come your weakest link in your security threat model" - where should you keep it?!

via hn

the things of nightmares

Amazing writeup.

1. install all updates
2. use a password manager
3. Turn on disk encryption. Replacing a laptop is preferable than leaking data
4. SSH keys in secure enclaces. Private key never leaves device. Public keys on github
5. Block ads. "when third-party ad platforms started becoming attack vectors, I got religion on this."
6. Use MFA, prefer physical keys

If you wouldn't let someone pull up a folding chair in your bathroom to Learn and Be Curious while watching you poop, don't let them have access to your email.

Scan your LAN for loose samba shares

The story of trying to track down your instagram double.

via HN

crazy concept!

this is wild. "It's pretty incredible, and at the same time, pretty terrifying" is about right.

Security Advisories / Bulletins / Vendor Responses linked to Log4Shell (CVE-2021-44228)

Good and sufficiently scary summary

Solution:

sudo rm -r /etc/pacman.d/gnupg
sudo pacman-key --init
sudo pacman-key --populate archlinux
sudo pacman-key --refresh-keys
sudo pacman -Sy gnupg archlinux-keyring
sudo pacman -Sc

Interesting take on the differences in impact between large scale vs inidividual differences.

Thanks Alexandria \U0001F49C

Excellent writeup. The CORS example dot points are a great example of good clear security explanations.

Reading this made me feel a little more justified in my general distrust of browser extensions. They have so much potential power!

From hackernews.

GitLab security scanning has a similar issue of false positives (many Node security vulns in frontend-only code). But at least they can be marked as resolved!

To check a bitly link, add + to the end of the URL.

Via Soroush's twitter

Subtitle explains it - America’s biggest vulnerability in cyberwarfare is hubris. Shoting "this is 'murica" doesn't protect your data.

Cool glitchy animated drawings in the article.

Good year to do this I guess. It definitely does need to be easier, that is probably a matter of keeping notes for "here are places I need to update when I change this key".

Auto-delete as a default is good - the permenance of random new services is always worrying.

Course is WIP, chapters are all very short but shows promise. Some good other links to courses and material in HN thread

Excellent tips. Reading this makes me feel like my security is atrocious

I have been obsessed with rsync lately

.env files were the thing that made me stop pasting credentials directly in my WIP files.