"Django 5.1 released"
https://www.djangoproject.com/weblog/2024/aug/07/django-51-released/
#python #django
"The Great npm Garbage Patch"
https://blog.phylum.io/the-great-npm-garbage-patch/
#npm #supplychain #security #packagemanagers
"Django security releases issued: 5.0.8 and 4.2.15"
https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
* Potential SQL injection in QuerySet.values() and values_list()
* Memory exhaustion in django.utils.numberformat.floatformat()
* Potential denial-of-service in django.utils.html.urlize()
* Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget
#security #infosec #cybersecurity #django #python
"Breaking Kakasoft USB Copy Protection"
https://yasoob.me/posts/breaking-kakasoft-usb-copy-protection/
#security #infosec
"How to Build Anything Extremely Quickly"
https://learnhowtolearn.org/how-to-build-extremely-quickly/
"Do “outline speedrunning”: Recursively outline an MVP, speedrun filling it in, and only then go back and perfect."
#productivity #build #create
"django-allauth 64.0.0 released"
https://allauth.org/news/2024/07/django-allauth-64.0.0-released/
* Added support for WebAuthn based security keys and passkey login.
#python #django #webauth #passkeys
"...modern alternatives to ... certificate pinning practices"
https://blog.cloudflare.com/why-certificate-pinning-is-outdated
#security #tls #pki
"Since 2011, a bug has existed in OpenSSL that... Silently sends up to 255 bytes of the client’s heap to the server."
https://jbp.io/2024/06/27/cve-2024-5535-openssl-memory-safety.html
Affects older versions of Node, Python and Android.
Meeting the necessary "constraints is quite unlikely nowadays"
#security #openssl #python #node #android
"Pure-Python fallback of socket.socketpair() doesn’t authenticate peer connection [CVE-2024-3219]"
https://seclists.org/oss-sec/2024/q3/123
#python #windows #security
"WhatsApp for Windows lets Python, PHP scripts execute with no warning"
#security #cybersecurity #windows #whatsapp
"Compromising the Secure Boot Process"
https://www.schneier.com/blog/archives/2024/07/compromising-the-secure-boot-process.html
#security #cybersecurity #secureboot
"Unfashionably secure: why we use isolated VMs"
https://blog.thinkst.com/2024/07/unfashionably-secure-why-we-use-isolated-vms.html
This illustration made me laugh 😂
#security #systemarchitecture

"Anyone can Access Deleted and Private Repository Data on GitHub"
https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github
This is not really new information, but always worth remembering. The title is a bit misleading since it only applies to forks.
#security #infosec #github
Let’s Encrypt "Intent to End OCSP Service"
https://letsencrypt.org/2024/07/23/replacing-ocsp-with-crls.html
#ca #privacy #tls #security
"What every developer should know about time"
https://medium.com/@davidebriani/what-every-developer-should-know-about-time-9668ea0ae693
I'm not sure every programmer should know all of this in detail, but the post is interesting nonetheless.
#time #programming #softwaredevelopment
"Things you wish you didn't need to know about S3"
https://blog.plerion.com/things-you-wish-you-didnt-need-to-know-about-s3/
#security #s3 #aws
"KDE signs petition urging European Union to continue funding free software"
https://kde.org/announcements/2024_ngi_openletter/
#eu #europeanunion #EuropeanCommission #kde #opensource
"Concerns about passkeys"
"Passkeys are a technically interesting idea with many upsides, but I am concerned about the power they take away from users."
https://me.micahrl.com/blog/concerns-about-passkeys/
#security #passkeys #infosec #cybersecurity #authentication
"The vulnerabilities found" in SAP AI Core "could have allowed attackers to access customers’ data and contaminate internal artifacts – spreading to related services and other customers’ environments."
https://www.wiz.io/blog/sapwned-sap-ai-vulnerabilities-ai-security
#security #infosec #cybersecurity #sap
"... Weak Security Defaults Enabled Squarespace Domains Hijacks"
#security #netsec #cybersecurity #squarespace