"Don’t Use Session (Signal Fork)"
https://soatok.blog/2025/01/14/dont-use-session-signal-fork/
#security #infosec #signal #session #cybersecurity
"Two independent groups of researchers have identified a total of 6
vulnerabilities in rsync. In the most severe CVE, an attacker only requires
anonymous read access to a rsync server, such as a public mirror, to
execute arbitrary code on the machine the server is running on."
https://seclists.org/oss-sec/2025/q1/16
#security #cybersecurity #rsync
"Django security releases issued: 5.1.5, 5.0.11, and 4.2.18"
https://www.djangoproject.com/weblog/2025/jan/14/security-releases/
* CVE-2024-56374: Potential denial-of-service vulnerability in IPv6 validation
#security #django
"Container capabilities: a short tour"
https://padlock.argh.in/2024/12/15/container-capabilities.html
#security #containers #docker
"Database optimization isn't always obvious"
https://kenwhitesell.github.io/2025/01/01/Database-optimization-is-not-alway-obvious.html
#sql #databases
"Effective Python Developer Tooling in December 2024"
https://pydevtools.com/blog/effective-python-developer-tooling-in-december-2024/
#python #programming #softwaredevelopment
"Getting Started Contributing to Django"
https://www.better-simple.com/django/2024/12/25/getting-started-contributing-django/
#python #django
"Hat Trick: AWS introduced same RCE vulnerability three times in four years"
https://giraffesecurity.dev/posts/amazon-hat-trick/
#security #cybersecurity #aws #supplychain
Passkey technology is elegant, but it’s most definitely not usable security
Yet
#passwords #passkeys #webauthn #authentication
"Apple Photos phones home on iOS 18 and macOS 15"
https://lapcatsoftware.com/articles/2024/12/3.html
#privacy
"A Tour of WebAuthn"
HTML version of the book
https://www.imperialviolet.org/tourofwebauthn/tourofwebauthn.html
#webauthn #passkeys #authentication #2FA #security #cybersecurity
"Small teams"
"Django: launch pdb when a given SQL query runs"
https://adamj.eu/tech/2024/12/05/django-sql-breakpoint/
#python #django #sql
The books I enjoyed the most in 2024
https://blog.ovalerio.net/archives/3051
Summary to save a click/tap:
* Broken Money, by Lyn Alden
* Masters of Doom, by David Kushner
#books
"Why we use our own hardware at Fastmail"
https://www.fastmail.com/blog/why-we-use-our-own-hardware/
#infrastructure #hardware #cloud #ops
"Rapidly Locating Query Bottlenecks in a Django Codebase"
https://pgilmartin.substack.com/p/rapidly-locating-query-bottlenecks
#django
"How to Lose a Fortune with Just One Bad Click"
https://krebsonsecurity.com/2024/12/how-to-lose-a-fortune-with-just-one-bad-click/
#security #socialengineering #cybersecurity #bitcoin
"Misimplementation of PublicKeyCallback leads to authorization bypass in Go's x/crypto/ssh"
https://platform.sh/blog/uncovered-and-patched-golang-vunerability/
#security #infosec #netsec #cybersecurity #golang
"Far From Random: Three Mistakes From Dart/Flutter's Weak PRNG"
https://www.zellic.io/blog/proton-dart-flutter-csprng-prng/
And the importance for safe wallets, as demonstrated by the Proton Wallet example.
#security #cybersecurity #infosec #prng
"The Insecure IoT Cloud Strikes Again: RCE on Ruijie Cloud-Connected Devices"
#security #cybersecurity #iot #netsec