Security

24 bookmarks

Custom sorting

The Orphaned Internet – Taking Over 120K Domains via a DNS Vulnerability in AWS, Google Cloud, Rackspace and Digital Ocean | The Hacker Blog

The Orphaned Internet – Taking Over 120K Domains via a DNS Vulnerability in AWS, Google Cloud, Rackspace and Digital Ocean | The Hacker Blog

#DNS #cloud #impersonation #managed DNS #takeover

·thehackerblog.com·Dec 21, 2016

The Orphaned Internet – Taking Over 120K Domains via a DNS Vulnerability in AWS, Google Cloud, Rackspace and Digital Ocean | The Hacker Blog

Rolling Your Own Crypto

Rolling Your Own Crypto

#crypto #security

·loup-vaillant.fr·Dec 18, 2016

Rolling Your Own Crypto

Stop Buying Bad Security Prescriptions – Justin Schuh – Medium

Stop Buying Bad Security Prescriptions – Justin Schuh – Medium

#threat assessment #devsecops #design #security vendors

·medium.com·Dec 15, 2016

Stop Buying Bad Security Prescriptions – Justin Schuh – Medium

GitHub - duffn/dumb-password-rules: Shaming sites with dumb password rules.

GitHub - duffn/dumb-password-rules: Shaming sites with dumb password rules.

#security #passwords

·github.com·Dec 5, 2016

GitHub - duffn/dumb-password-rules: Shaming sites with dumb password rules.

4 fatal flaws in deterministic password managers

4 fatal flaws in deterministic password managers

#passwords #password managers #determinism #state #secrets

·tonyarcieri.com·Nov 22, 2016

4 fatal flaws in deterministic password managers

The psychological reasons behind risky password practices - Help Net Security

The psychological reasons behind risky password practices - Help Net Security

#security #password practices #psychology

·helpnetsecurity.com·Oct 13, 2016

The psychological reasons behind risky password practices - Help Net Security

On Phone Numbers and Identity – Stories From Coinbase

On Phone Numbers and Identity – Stories From Coinbase

#security #identity #two factor #impersonation #identity theft

·medium.com·Sep 30, 2016

On Phone Numbers and Identity – Stories From Coinbase

Hardening a Unix application server

Hardening a Unix application server

#hardening #linux #security

·oreilly.com·Sep 11, 2016

Hardening a Unix application server

It's the Year of Application Layer Security in Public Clouds | Cohesive Networks

#cloud #application layer security #security #overlay networking

·cohesive.net·Sep 11, 2016

It's the Year of Application Layer Security in Public Clouds | Cohesive Networks

CloudFlare, SSL and unhealthy security absolutism

CloudFlare, SSL and unhealthy security absolutism

#ssl #cloud flare #attack vectors #risk #encryption

·troyhunt.com·Sep 7, 2016

CloudFlare, SSL and unhealthy security absolutism

Schlomo Schapiro: Lifting the Curse of Static Credentials

Schlomo Schapiro: Lifting the Curse of Static Credentials

#credentials #identities #aws #trust #security

·blog.schlomo.schapiro.org·May 20, 2016

Schlomo Schapiro: Lifting the Curse of Static Credentials

Target=”_blank” — the most underestimated vulnerability ever

Target=”_blank” — the most underestimated vulnerability ever

#web #vulnerability #cross-site

·medium.com·May 4, 2016

Target=”_blank” — the most underestimated vulnerability ever

Detecting the use of "curl | bash" server side | Application Security

Detecting the use of "curl | bash" server side | Application Security

·idontplaydarts.com·Apr 20, 2016

Detecting the use of "curl | bash" server side | Application Security

GitHub’s CSP journey - GitHub Engineering

GitHub’s CSP journey - GitHub Engineering

#web #javascript #cross-site scripting #github

·githubengineering.com·Apr 12, 2016

GitHub’s CSP journey - GitHub Engineering

What Werewolf teaches us about Trust & Security

What Werewolf teaches us about Trust & Security

#bruce schneier #game #trust

·eaves.ca·Apr 8, 2016

What Werewolf teaches us about Trust & Security

securitychecklist.org

securitychecklist.org

#security #checklist

·securitychecklist.org·Apr 3, 2016

securitychecklist.org

Diplomat: Using Delegations to Protect Community Repositories

Diplomat: Using Delegations to Protect Community Repositories

#diplomat #repositories #trust #signing

·blog.acolyer.org·Mar 30, 2016

Diplomat: Using Delegations to Protect Community Repositories

How to rethink security risk analysis

How to rethink security risk analysis

#risk #measuring #analysis

·oreilly.com·Mar 30, 2016

How to rethink security risk analysis

How Early-Stage Startups Can Enlist The Right Amount of Security As They Grow | First Round Review

How Early-Stage Startups Can Enlist The Right Amount of Security As They Grow | First Round Review

#startup #security

·firstround.com·Mar 29, 2016

How Early-Stage Startups Can Enlist The Right Amount of Security As They Grow | First Round Review

It All Started With a Wager About System Upgrades

It All Started With a Wager About System Upgrades

#patching #immutable infrastructure #updates #yum #cloud

·blog.threatstack.com·Mar 27, 2016

It All Started With a Wager About System Upgrades

The Rehabilitated Security SDLC — Signal Sciences Labs

The Rehabilitated Security SDLC — Signal Sciences Labs

#devops #security unit testing #continuous

·labs.signalsciences.com·Mar 23, 2016

The Rehabilitated Security SDLC — Signal Sciences Labs

Security Design Principles for Digital Services | CESG Site

Security Design Principles for Digital Services | CESG Site

#architecture #gov #design

·cesg.gov.uk·Mar 23, 2016

Security Design Principles for Digital Services | CESG Site

A Few Thoughts on Cryptographic Engineering: Attack of the week: DROWN

A Few Thoughts on Cryptographic Engineering: Attack of the week: DROWN

#openssl #attack #rsa #ssl

·blog.cryptographyengineering.com·Mar 2, 2016

A Few Thoughts on Cryptographic Engineering: Attack of the week: DROWN

Distribution packages considered insecure

Distribution packages considered insecure

·statuscode.ch·Feb 29, 2016

Distribution packages considered insecure