Why API Responses Should Be Signed
tl;dr: In an era of misinformation, Terence calls for API responses to be signed so that consumers can check data has not been altered in transit, and runs through why and, conceptually, how to implement it.
featured in #170
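As an added example (not code from the article or its author), here is one way to put the idea into practice: the server signs the exact bytes of the response body with an Ed25519 key and attaches a key id, a timestamp and the signature as headers; the client verifies the raw bytes before parsing them and rejects stale or unknown-key signatures. The header names, the key-id scheme and the five-minute freshness window are assumptions made for this example, and the payload is constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strconv"
	"time"
)

// Header names are an assumption for this example; the post does not fix a wire format.
const (
	hdrKeyID = "X-Signature-KeyId"
	hdrTime  = "X-Signature-Time"
	hdrSig   = "X-Signature"
)

// signingInput binds the exact response bytes to the key id and timestamp, so a
// signature cannot be moved to another key or replayed later as fresh data.
func signingInput(keyID, ts string, body []byte) []byte {
	prefix := keyID + "\n" + ts + "\n"
	return append([]byte(prefix), body...)
}

// SignResponse is the server side: it signs the bytes it is about to send
// (not a parsed object) and returns the headers to attach to the response.
func SignResponse(priv ed25519.PrivateKey, keyID string, body []byte, now time.Time) map[string]string {
	ts := strconv.FormatInt(now.Unix(), 10)
	sig := ed25519.Sign(priv, signingInput(keyID, ts, body))
	return map[string]string{
		hdrKeyID: keyID,
		hdrTime:  ts,
		hdrSig:   base64.StdEncoding.EncodeToString(sig),
	}
}

// VerifyResponse is the client side. keys maps key id -> trusted public key,
// obtained out of band (pinned, or fetched once from a well-known URL; assumed here).
// It verifies the raw body bytes before anything parses them.
func VerifyResponse(keys map[string]ed25519.PublicKey, headers map[string]string, body []byte, now time.Time, maxAge time.Duration) error {
	pub, ok := keys[headers[hdrKeyID]]
	if !ok {
		return errors.New("unknown signing key id")
	}
	secs, err := strconv.ParseInt(headers[hdrTime], 10, 64)
	if err != nil {
		return errors.New("missing or malformed signature timestamp")
	}
	age := now.Sub(time.Unix(secs, 0))
	if age > maxAge || age < -maxAge {
		return errors.New("signature timestamp outside acceptance window")
	}
	sig, err := base64.StdEncoding.DecodeString(headers[hdrSig])
	if err != nil || len(sig) != ed25519.SignatureSize {
		return errors.New("missing or malformed signature")
	}
	if !ed25519.Verify(pub, signingInput(headers[hdrKeyID], headers[hdrTime], body), sig) {
		return errors.New("signature does not match response body")
	}
	return nil
}

// Demo runs one round trip plus a tamper attempt and reports
// (genuine response verified, tampered response rejected).
func Demo() (bool, bool, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	keys := map[string]ed25519.PublicKey{"2024-01": pub}
	now := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC)

	// Constructed sample payload; the server signs exactly these bytes.
	body, _ := json.Marshal(map[string]string{"headline": "Election results final", "source": "example.org"})
	headers := SignResponse(priv, "2024-01", body, now)

	genuineOK := VerifyResponse(keys, headers, body, now.Add(30*time.Second), 5*time.Minute) == nil

	// A one-byte change in transit (say, a proxy rewriting the headline) must fail.
	tampered := append([]byte(nil), body...)
	tampered[len(tampered)-2] ^= 0x01
	tamperedRejected := VerifyResponse(keys, headers, tampered, now.Add(30*time.Second), 5*time.Minute) != nil
	return genuineOK, tamperedRejected, nil
}

func main() {
	g, t, err := Demo()
	fmt.Println("genuine verified:", g, "tampered rejected:", t, "err:", err)
}
```

Signing the served bytes rather than a re-serialised object sidesteps JSON canonicalisation entirely: the client verifies what it received, then parses. The key id allows rotation without breaking old clients, and the timestamp stops an old, once-valid response being replayed as current.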
Two Malicious Python Libraries Caught Stealing SSH And GPG Keys
tl;dr: Two libraries were found stealing SSH and GPG keys. They were given names that mimic popular packages (typosquatting) to trick developers into installing them.
featured in #164
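The trick described above is a name that is one typo, or one look-alike character, away from a package people already trust. As an added example (not code from the article or from the packages it discusses), here is a pre-install check that normalises names the way PyPI does (PEP 503), folds common homoglyphs, and flags candidates within a small edit distance of a known-popular name. The allow-list and the candidate names are constructed for the example; a real check would use the top packages by download count.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed allow-list of well-known package names (example only).
var popular = []string{"requests", "numpy", "pandas", "python-dateutil", "cryptography", "urllib3"}

var sepRun = regexp.MustCompile(`[-_.]+`)

// normalize applies PEP 503 name normalization: lowercase, and runs of
// '-', '_' and '.' collapse to a single '-'. PyPI treats such names as equal.
func normalize(name string) string {
	return sepRun.ReplaceAllString(strings.ToLower(name), "-")
}

// foldHomoglyphs maps characters that look alike in common fonts (capital I,
// digit 1 and pipe for lowercase l; digit 0 for o) onto one representative
// before comparing, then normalizes.
func foldHomoglyphs(name string) string {
	var b strings.Builder
	for _, r := range name {
		switch r {
		case 'I', '1', '|':
			b.WriteRune('l')
		case '0':
			b.WriteRune('o')
		default:
			b.WriteRune(r)
		}
	}
	return normalize(b.String())
}

func minInt(xs ...int) int {
	m := xs[0]
	for _, x := range xs[1:] {
		if x < m {
			m = x
		}
	}
	return m
}

// osaDistance is the optimal-string-alignment edit distance: Levenshtein plus
// adjacent transposition, which covers the edits typosquats usually rely on.
func osaDistance(a, b string) int {
	ra, rb := []rune(a), []rune(b)
	d := make([][]int, len(ra)+1)
	for i := range d {
		d[i] = make([]int, len(rb)+1)
		d[i][0] = i
	}
	for j := range d[0] {
		d[0][j] = j
	}
	for i := 1; i <= len(ra); i++ {
		for j := 1; j <= len(rb); j++ {
			cost := 1
			if ra[i-1] == rb[j-1] {
				cost = 0
			}
			d[i][j] = minInt(d[i-1][j]+1, d[i][j-1]+1, d[i-1][j-1]+cost)
			if i > 1 && j > 1 && ra[i-1] == rb[j-2] && ra[i-2] == rb[j-1] {
				d[i][j] = minInt(d[i][j], d[i-2][j-2]+1)
			}
		}
	}
	return d[len(ra)][len(rb)]
}

// Verdict describes how a candidate name relates to the allow-list.
type Verdict struct {
	Status   string // "known", "suspect" or "unknown"
	Closest  string
	Distance int
}

// CheckName returns "known" for an exact PEP 503-normalized match, "suspect"
// when the homoglyph-folded name is within maxDist edits of a popular name
// (distance 0 here means a pure look-alike), and "unknown" otherwise.
func CheckName(candidate string, maxDist int) Verdict {
	norm := normalize(candidate)
	folded := foldHomoglyphs(candidate)
	best := Verdict{Status: "unknown", Distance: -1}
	for _, p := range popular {
		if norm == normalize(p) {
			return Verdict{Status: "known", Closest: p, Distance: 0}
		}
		dist := osaDistance(folded, foldHomoglyphs(p))
		if best.Distance < 0 || dist < best.Distance {
			best.Closest, best.Distance = p, dist
		}
	}
	if best.Distance <= maxDist {
		best.Status = "suspect"
	}
	return best
}

func main() {
	// Constructed candidates: one genuine name, two typos, one homoglyph, one unrelated.
	for _, name := range []string{"requests", "requets", "panda", "urlIib3", "httpx"} {
		v := CheckName(name, 2)
		fmt.Printf("%-10s %-8s closest=%q distance=%d\n", name, v.Status, v.Closest, v.Distance)
	}
}
```

A "suspect" verdict is a prompt to look at the package page, author and release history before installing, not proof of malice; legitimate forks and plugins also sit close to popular names. Pinning hashes in a lock file is the complementary control, since it stops a later malicious release of a name you already trust.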
Why Software Remains Insecure
tl;dr: Basically, software remains vulnerable because the benefits created by insecure products far outweigh the downsides. Once that changes, software security will improve — but not a moment before.
featured in #150
The Technical Side of the Capital One AWS Security Breach
J Cole Morrison
tl;dr: The company was breached through a "misconfigured firewall" that let the attacker obtain the EC2 instance's IAM role credentials and act as the server, giving them access to all the S3 buckets where the stolen data was stored.
featured in #149
Proving Security At Scale With Automated Reasoning
tl;dr: Fascinating run-through of how AWS thinks about security at scale, starting with the Shared Responsibility Model where AWS is responsible for security of the cloud and customers are responsible for security in the cloud.
featured in #146
New Research: How Effective Is Basic Account Hygiene At Preventing Hijacking
tl;dr: Adding a recovery phone number can block up to 100% of automated bots, 99% of bulk phishing attacks, and 66% of targeted attacks.
featured in #142
The Inception Bar: A New Phishing Method
tl;dr: A phishing technique against Chrome on mobile: the real address bar is hidden once the user scrolls, and a page can draw a fake one in its place, so the URL shown is whatever the attacker chooses. The author demonstrates this behavior in the article.
featured in #140