Gonçalo Valério
Full-stack developer with special interest in cybersecurity. Advocate of a free and safe Internet. Nature admirer and sports enthusiast.

"Mozilla Drops Onerep After CEO Admits to Running People-Search Networks"

https://krebsonsecurity.com/2024/03/mozilla-drops-onerep-after-ceo-admits-to-running-people-search-networks/

#firefox #mozilla #privacy #security

"Bitcoin Atlantis Conference: €115,100 from 8,750 Transactions in 3 Days, Showcasing Bitcoin's Role as a Payment Method"

https://blog.btcpayserver.org/case-study-bitcoin-atlantis/

#bitcoin #lightningnetwork #bitcoinatlantis

"Feature flags are ruining your codebase"

https://zaidesanton.substack.com/p/feature-flags-are-ruining-your-codebase

These flags are a very useful tool, but as always, you should use them carefully.

#programming #dev #webdev #softwaredevelopment

"900 Sites, 125 million accounts, 1 vulnerability"

"""

TLDR:

- Firebase allows for easy misconfiguration of security rules with zero warnings

- This has resulted in hundreds of sites exposing a total of ~125 Million user records, including plaintext passwords & sensitive billing information

"""

https://env.fail/posts/firewreck-1/

#security #webdev #firebase #infosec

"Passkeys – Under The Hood"

https://research.kudelskisecurity.com/2024/03/14/passkeys-under-the-hood/

#security #authentication #webauthn #passkeys

"I welcome the attention, but I worry that the reporting conflates two distinct aspects of infosec: software engineering and enterprise security. When it comes to proposed solutions, the focus is usually on the former: there are growing calls for government-mandated coding standards or special forms of vendor liability. On these topics, we’re shooting from the hip."

https://lcamtuf.substack.com/p/product-security-barking-up-the-wrong

#security #cybersecurity #infosec

"A compiled checklist of 300+ tips for protecting digital security and privacy in 2024"

https://github.com/Lissy93/personal-security-checklist

#security #netsec #infosec

"Security Flaws within ChatGPT Ecosystem Allowed Access to Accounts On Third-Party Websites and Sensitive Data"

https://salt.security/blog/security-flaws-within-chatgpt-extensions-allowed-access-to-accounts-on-third-party-websites-and-sensitive-data

#security #chatgpt #infosec

"Getting Things Done In A Chaotic Environment"

https://staysaasy.com/leadership/2024/03/12/Getting-Things-Done.html

#productivity #startups

"Security.txt in the wild"

https://blog.ovalerio.net/archives/2818

#security #securitytxt

"European Commission’s use of Microsoft 365 infringes data protection law for EU institutions and bodies"

https://www.edps.europa.eu/press-publications/press-news/press-releases/2024/european-commissions-use-microsoft-365-infringes-data-protection-law-eu-institutions-and-bodies_en

#security #privacy #europeanunion #europeancomission

"Modern Git Commands and Features You Should Be Using"

https://martinheinz.dev/blog/109

#git

"Regex character “$” doesn't mean “end-of-string”"

https://sethmlarson.dev/regex-%24-matches-end-of-string-or-newline

#python #regex

"One does not simply implement passkeys"

https://joshcgrossman.com/2024/02/08/one-does-not-simply-implement-passkeys/

#security #authentication #passkeys #webauthn

Microsoft's "Security-101"

https://github.com/microsoft/Security-101/

#security #cybersecurity

"6 ways to improve the architecture of your Python project (using import-linter)"

https://www.piglei.com/articles/en-6-ways-to-improve-the-arch-of-you-py-project/

#python #softwaredevelopment #programming