A Guide To Threat Modelling for Developers

- Jim Gumbley tl;dr: "Threat modelling is a risk-based approach to designing secure systems." This article encourages developers to start simple with 3 questions. What are you building? What can go wrong? What are you going to do?

featured in #185

What Science Can Tell Us About C And C++'s Security

- Alex Gaynor tl;dr: Research suggests that using memory-safe programming languages results in reduction in number of vulnerabilities.

featured in #184

The Confessions Of Marcus Hutchins, The Hacker Who Saved The Internet

- Andy Greenberg tl;dr: "At 22, he single-handedly put a stop to the worst cyberattack the world had ever seen. Then he was arrested by the FBI. This is his untold story."

featured in #182

Security And Privacy Implications Of Zoom

- Bruce Schneier tl;dr: Zoom's problems fall into three broad buckets: (1) bad privacy practices, (2) bad security practices, and (3) bad user configurations.

featured in #180

CS 253 Web Security

- Feross Aboukhadijeh tl;dr: Stanford's course on web security - "this course is a comprehensive overview of web security. The goal is to build an understanding of the most common web attacks and their countermeasures."

featured in #179

Webcam Hacking

- Ryan Pickren tl;dr: A technical walkthrough of how Ryan discovered several zero-day bugs in Safari giving him access to the camera and more. 

featured in #179

Inrupt, Tim Berners-Lee's Solid, and Me

- Bruce Schneier tl;dr: Bruce joined Inrupt, a company bringing a new model of managing personal data to life, designed by Tim Berners-Lee. All your personal data lives in a pod and is managed by you. Each pod has granular access that you command.

featured in #174

Why API Responses Should Be Signed

- Terence Eden tl;dr: In an era of misinformation, Terence calls for APIs to be signed, and runs through why and conceptually how to implement this. 

featured in #170

SHA-1 Is A Shambles

- Thomas Peyrin tl;dr: Despite a decline in usage and already publicized vulnerability, researches have uncovered a more serious issue. A chosen prefix collision means you can create two different docs and add on some extra blocks so they collide.

featured in #168

Two Malicious Python Libraries Caught Stealing SSH And GPG Keys

- Catalin Cimpanu tl;dr: Two libraries were found stealing SSH and GPG keys. The libraries were named similar to common ones to trick developers into using them.

featured in #164