Security

1540 readers
3 users here now

A community for discussion about cybersecurity, hacking, cybersecurity news, exploits, bounties etc.

Rules :

  1. All instance-wide rules apply.
  2. Keep it totally legal.
  3. Remember the human, be civil.
  4. Be helpful, don't be rude.

Icon base by Delapouite under CC BY 3.0 with modifications to add a gradient

founded 2 years ago
MODERATORS
LinearArray@programming.dev
listing: all - local
76
8
Why you should check your secrets into Git [video] (youtu.be)
submitted 2 years ago by canpolat@programming.dev to c/security@programming.dev
0 comments fedilink
 
 

I think the title of the talk is click-bait, but the content is interesting otherwise. The talk is roughly 40min + 15min Q&A

77
11
Rust devs push back as Serde project ships precompiled binaries (www.bleepingcomputer.com)
submitted 2 years ago by ruffsl@programming.dev to c/security@programming.dev
1 comments fedilink
78
12
Short session expiration does not help security (www.sjoerdlangkemper.nl)
submitted 2 years ago by canpolat@programming.dev to c/security@programming.dev
1 comments fedilink
79
11
A surprisingly simple way to foil car thieves (news.umich.edu)
submitted 2 years ago by agilob@programming.dev to c/security@programming.dev
8 comments fedilink
80
1
Apple employee reportedly didn’t tell Google about zero-day exploit found in Chrome (9to5mac.com)
submitted 2 years ago by Mustafaalbazy@programming.dev to c/security@programming.dev
2 comments fedilink
 
 

As we often report here, it’s common for tech companies to help each other improve their security systems by sharing zero-day exploits found by security researchers. Google, for example, does this a lot. But recently, an Apple employee reportedly found a zero-day exploit in Google Chrome – and that bug was never reported to Apple by that person.

81
5
How This SQL Command Blew Up a Billion Dollar Company - Kevin Fang (youtu.be)
submitted 2 years ago by ruffsl@programming.dev to c/security@programming.dev
0 comments fedilink
 
 

I tried looking the original Joint USSS/FBI Advisory shown in the end of the video, and found these:

82
2
'ShadowVault' macOS malware steals passwords, crypto, credit card data (www.macworld.com)
submitted 2 years ago by Mustafaalbazy@programming.dev to c/security@programming.dev
0 comments fedilink
83
4
Shortening the Let's Encrypt Chain of Trust (letsencrypt.org)
submitted 2 years ago by canpolat@programming.dev to c/security@programming.dev
0 comments fedilink
84
3
TootRoot | Mastodon had a Critical Security Vulnerability (youtube.com)
submitted 2 years ago by ruffsl@programming.dev to c/security@programming.dev
0 comments fedilink
 
 

Security advisorys: https://github.com/mastodon/mastodon/security

85
2
OAuth – the good Parts - Dominick Baier - NDC Porto 2022 (www.youtube.com)
submitted 2 years ago by canpolat@programming.dev to c/security@programming.dev
0 comments fedilink
 
 

cross-posted from: https://programming.dev/post/160750

Dominick Baier's talk is a great introduction to the often confusing world of OAuth. There are many good resources about details of a given flow, but the challenging thing is which flow to use for what.

86
2
This is Fine: Optimism & Emergency in the P2P Network (infosec.pub)
submitted 2 years ago by demesisx@programming.dev to c/security@programming.dev
0 comments fedilink
87
1
Brave aims to curb practice of websites that port scan visitors (arstechnica.com)
submitted 2 years ago by ndotb@programming.dev to c/security@programming.dev
0 comments fedilink
 
 

Yeah, uh.... at least ublock's EasyPrivacy list catches most of them