/Security

CS 253 Web Security

- Feross Aboukhadijeh tl;dr: Stanford's course on web security - "this course is a comprehensive overview of web security. The goal is to build an understanding of the most common web attacks and their countermeasures."

featured in #179


Webcam Hacking

- Ryan Pickren tl;dr: A technical walkthrough of how Ryan discovered several zero-day bugs in Safari giving him access to the camera and more.

featured in #179


Inrupt, Tim Berners-Lee's Solid, and Me

- Bruce Schneier tl;dr: Bruce joined Inrupt, a company bringing a new model of managing personal data to life, designed by Tim Berners-Lee. All your personal data lives in a pod and is managed by you. Each pod has granular access that you command.

featured in #174


Why API Responses Should Be Signed

- Terence Eden tl;dr: In an era of misinformation, Terence calls for APIs to be signed, and runs through why and conceptually how to implement this.

featured in #170


SHA-1 Is A Shambles

- Thomas Peyrin tl;dr: Despite a decline in usage and an already publicized vulnerability, researchers have uncovered a more serious issue. A chosen-prefix collision means you can create two different docs and add on some extra blocks so they collide.

featured in #168


Two Malicious Python Libraries Caught Stealing SSH And GPG Keys

- Catalin Cimpanu tl;dr: Two libraries were found stealing SSH and GPG keys. The libraries were named similarly to common ones to trick developers into using them.

featured in #164


Why Software Remains Insecure

- Daniel Miessler tl;dr: Basically, software remains vulnerable because the benefits created by insecure products far outweigh the downsides. Once that changes, software security will improve — but not a moment before.

featured in #150


The Technical Side of the Capital One AWS Security Breach

- J Cole Morrison tl;dr: The company was hacked through a "misconfigured firewall", allowing the hacker to use the EC2 IAM roles and act as the server, giving them access to all the S3 buckets where the stolen info was stored.

featured in #149


Proving Security At Scale With Automated Reasoning

- Werner Vogels tl;dr: Fascinating run-through of how AWS thinks about security at scale, starting with the Shared Responsibility Model where AWS is responsible for security of the cloud and customers are responsible for security in the cloud.

featured in #146


New Research: How Effective Is Basic Account Hygiene At Preventing Hijacking

- Kurt Thomas, Angelika Moscicki tl;dr: Adding a recovery phone number can block up to 100% of automated bots, 99% of bulk phishing attacks, and 66% of targeted attacks.

featured in #142