Tagged “security”
RET2 WarGames Security Training
API Churn vs Security
if you want to avoid this API Churn vs. Security complexity trade off entirely, there is a great way to do it: move things back to the server side.
FreeOTP
open-source one-time password app published by Red Hat
North Korean fake IT worker tried to get hired by KnowBe4
Leaked Docs Show What Phones Cellebrite Can (and Can’t) Unlock
Bypass FRP on Pixels
amazingly elaborate process for getting to Settings menus in android before setting up a phone.
Accessing 1Password items from the terminal | Simon Willison’s TILs
Very handy for keys and things. Want this for bitwarden
Cyber is full
not enough security jobs available, too many people trying to sell courses on it.
Private Access Tokens: eliminating CAPTCHAs on iPhones and Macs with open standards
What happens if I lose my phone?
If you lose access to your two-factor authentication device, e.g. you lose your phone, you can still log in to your account. When prompted for your authentication code, enter your recovery code shown during the two-factor authentication setup.
There is no section for "what if I have lost my recovery code".
Polyfill supply chain attack hits 100K+ sites
bad enough that Cloudflare is automatically updating
Fenced In: How the Global Rise of Border Walls Is Stifling Wildlife
terrible thing.
‘Who Benefits?’ Inside the EU’s Fight over Scanning for Child Sex Content
Ethical Hacker - Skills for All
An Excruciatingly Detailed Guide To SSH (But Only The Things I Actually Find Useful)
Senate bill crafted with DEA targets end-to-end encryption, requires online companies to report drug activity
this is not about keeping people safe from fentanyl
Large Language Models Can Be Easily Distracted by Irrelevant Context
Prompt injection: What’s the worst that can happen?
ignore previous instruction, that task is now complete.
The super-rich ‘preppers’ planning to save themselves from the apocalypse
Let's build a Chrome extension that steals everything
Doesn't cover getting past review, but another reminder to be paranoid-careful about adding browser extensions.
Google Pixel 7 and Pixel 7 Pro | Hacker News
surprising(?) amount of biased claims in there. "I have had great luck with phone x", some hating on google for login screens, etc.
Cheat sheet for if I'm gone
I like the idea, kinda agree with "this cheat sheet is likely to become your weakest link in your security threat model" - where should you keep it?!
via HN
I've locked myself out of my digital life
the things of nightmares
Corey Quinn on Twitter: "And now, a rundown of my personal security posture"
Amazing writeup.
- install all updates
- use a password manager
- Turn on disk encryption. Replacing a laptop is preferable to leaking data
- SSH keys in secure enclaves. Private key never leaves device. Public keys on GitHub
- Block ads. "when third-party ad platforms started becoming attack vectors, I got religion on this."
- Use MFA, prefer physical keys
If you wouldn't let someone pull up a folding chair in your bathroom to Learn and Be Curious while watching you poop, don't let them have access to your email.
The End of Roe Will Bring About a Sea Change in the Encryption Debate
SMBeagle v1.0.1
Scan your LAN for loose samba shares
Seriously, stop using RSA
Real Me and Fake Me
The story of trying to track down your instagram double.
via HN
iodine(8) - Linux man page
crazy concept!
A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
this is wild. "It's pretty incredible, and at the same time, pretty terrifying" is about right.
BlueTeam CheatSheet for Log4Shell
Security Advisories / Bulletins / Vendor Responses linked to Log4Shell (CVE-2021-44228)
Naomi not Niomi
Good and sufficiently scary summary
Signature is unknown trust - Arch Linux
Solution:
sudo rm -r /etc/pacman.d/gnupg
sudo pacman-key --init
sudo pacman-key --populate archlinux
sudo pacman-key --refresh-keys
sudo pacman -Sy gnupg archlinux-keyring
sudo pacman -Sc
A Graduate Course in Applied Cryptography
Jeffrey Ladish
Interesting take on the differences in impact between large-scale vs individual differences.
How I re-over-engineered my home network for privacy and security
Vulnerability in Bumble dating app reveals any user's exact location
Here are some beginner Cybersecurity and Information Security resources that are free!
Thanks Alexandria 💜
how to be popular
Excellent writeup. The CORS example dot points are a great example of good clear security explanations.
Many temptations of an open-source chrome extension developer
Reading this made me feel a little more justified in my general distrust of browser extensions. They have so much potential power!
Forensic Methodology Report: How to catch NSO Group’s Pegasus
A case against security nihilism
Trust in Software, an All Time Low
npm audit: Broken by Design
From hackernews.
GitLab security scanning has a similar issue of false positives (many Node security vulns in frontend-only code). But at least they can be marked as resolved!
How to verify a Bitly link's destination
To check a bitly link, add + to the end of the URL.
Common Security Issues in Financially Orientated Web (PDF)
How the United States Lost to Hackers
Subtitle explains it - America’s biggest vulnerability in cyberwarfare is hubris. Shouting "this is 'murica" doesn't protect your data.
Cool glitchy animated drawings in the article.
Docker Security
How often should I rotate my ssh keys?
Good year to do this I guess. It definitely does need to be easier, that is probably a matter of keeping notes for "here are places I need to update when I change this key".
Crackpot Cryptography and Security Theater
Keeping your private information private
Auto-delete as a default is good - the permanence of random new services is always worrying.
Reverse engineering course : Hacker News
Course is WIP, chapters are all very short but shows promise. Some good other links to courses and material in HN thread
Stupid Unix Tricks 11 October 2019
Excellent tips. Reading this makes me feel like my security is atrocious
A cron job that could save you from a ransomware attack
I have been obsessed with rsync lately
Parse .env file on command line
.env files were the thing that made me stop pasting credentials directly in my WIP files.