Gonçalo Valério
Full-stack developer with special interest in cybersecurity. Advocate of a free and safe Internet. Nature admirer and sports enthusiast.

"Django security releases issued: 5.0.3, 4.2.11, and 3.2.25"

* CVE-2024-27351: Potential regular expression denial-of-service in django.utils.text.Truncator.words()

https://www.djangoproject.com/weblog/2024/mar/04/security-releases/

#python #django #security

"Passkeys - Threat modeling and implementation considerations"

https://slashid.com/blog/passkeys-security-implementation/

#authentication #security #webauth #passkeys

"Use KeePassXC to sign your git commits"

https://code.mendhak.com/keepassxc-sign-git-commit-with-ssh/

#security #git #keepassxc #ssh

Issue 82 of PrivacyTests.org is out today!

https://privacytests.org/

"Exploiting CSP Wildcards for Google Domains"

https://attackshipsonfi.re/p/exploiting-csp-wildcards-for-google

Truth be told, this can be applied to most CSP wildcards.

#security #csp #content-security-policy #web #webdev #appsec

"Over 100,000 Infected Repos Found on GitHub"

https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

#security #programming #softwaredevelopment #github

"Bypassing Windows 11 Account Setup"

https://www.bunniestudios.com/blog/?p=6835

Just in case you ever need it. IMO if you can, just ignore Windows.

#windows #microsoft

"Framing is Everything"

https://danielmiessler.com/p/framing-is-everything

#perception #framing #reality #social #politics

Quick security tip: Enable HTTPS-Only mode in your Firefox browser. It will ensure all connections are secure.

Go to “about:preferences#privacy”, scroll down to “HTTPS-Only Mode” and set it to “Enable HTTPS-Only mode in all windows”.

If you visit a website that doesn't support HTTPS or if someone is trying to downgrade your connection to HTTP, it will be painfully clear what is happening. You can still click “Continue to HTTP Site” if you want to proceed anyway.

#security #browsers #firefox

"How to run pytest in parallel on GitHub actions"

https://guicommits.com/parallelize-pytest-tests-github-actions/

#python #pytest #githubactions

"JavaScript Bloat in 2024"

https://tonsky.me/blog/js-bloat/

😱 😱 😱

#web #webdev #javascript #websites

"Thanks FedEx, This is Why we Keep Getting Phished"

https://www.troyhunt.com/thanks-fedex-this-is-why-we-keep-getting-phished/

#fedex #security #phishing

"Smuggling Malware in Test Code"

https://blog.phylum.io/smuggling-malware-in-test-code/

"Developers should remain vigilant to carefully vet any source code that strangers on the Internet insist that you download."

#security #infosec #netsec #npm #javascript

"Get up and running with large language models, locally."

https://ollama.com/

#ai #localai #llm

"Ten Python datetime pitfalls, and what libraries are (not) doing about it"

https://dev.arie.bovenberg.net/blog/python-datetime-pitfalls/

#python

"... practical recommendations for configuring Docker platform aimed at increasing its security."

https://reynardsec.com/en/docker-platform-security-step-by-step-hardening/

#docker #security

I was playing and testing with some VMs using VirtualBox, when I noticed that the default (virtual) networking configuration completely bypasses the host firewall, exposing all running services to the guest VMs.

Even the services only listening on the loopback interface are accessible. 😓

At first, I thought I had done something very wrong, but no... it seems there is an old issue marked as #wontfix

https://forum.virtualbox.org/ticket/17914

You can never be too careful.

#security #virtualbox #netsec

"Cloud cryptography demystified: Amazon Web Services"

https://blog.trailofbits.com/2024/02/14/cloud-cryptography-demystified-amazon-web-services/

#security #cryptography #aws