Victor Loux Bookmarks Tag: security

77 bookmarks tagged “security

I figured out how DMARC works, and it almost broke me | Simon Andrews

simonandrews.ca/articles/how-to-set-up-spf-dkim-dmarc
How to use SPF, DKIM, and DMARC to improve your domain's email security and limit spoofing - but written for humans.

Try This One Weird Trick Russian Hackers Hate – Krebs on Security

krebsonsecurity.com/2021/05/try-this-one-weird-trick-russian-hackers-hate/
DarkSide, like a great many other malware strains, has a hard-coded do-not-install list of countries which are the principal members of the Commonwealth of Independent States (CIS) — former Soviet satellites that mostly have favorable relations with the Kremlin. The full exclusion list in DarkSide (published by Cybereason) is below:

They Told Their Therapists Everything. Hackers Leaked It All | WIRED

wired.com/story/vastaamo-psychotherapy-patients-hack-data-breach/
A mental health startup built its business on easy-to-use technology. Patients joined in droves. Then came a catastrophic data breach.

Semgrep

semgrep.dev/
Semgrep is an open-source tool for lightweight static analysis using a familiar syntax

A fresh new avenue for Google to kill your SaaS startup | Gonzalo Sainz-Trápaga | Medium

gomox.medium.com/google-safe-browsing-can-kill-your-startup-7d73c474b98d
Google Safe Browsing is a Google program that can blacklist any website or SaaS application in Google Chrome and other browsers and platforms.

Best practices for managing & storing secrets like API keys and other credentials [2020]

blog.gitguardian.com/secrets-api-management/
It is extremely important to understand that code reviews will not always detect secrets, especially if they are hidden in previous versions of code. The reason code reviews are not adequate protection is because reviewers are only concerned with the difference between current and proposed states of the code, they do not consider the entire history of the project.

Latacora - Stop Using Encrypted Email

latacora.micro.blog/2020/02/19/stop-using-encrypted.html
Email is unsafe and cannot be made safe. The tools we have today to encrypt email are badly flawed. Even if those flaws were fixed, email would remain unsafe. Its problems cannot plausibly be mitigated. Avoid encrypted email. Technologists hate this argument. Few of them specialize in cryptography or privacy, but all of them are interested in it, and many of them tinker with encrypted email tools. Most email encryption on the Internet is performative, done as a status signal or show ...

Princeton IoT Inspector

iot-inspector.princeton.edu/
an open-source tool that helps you learn more about your IoT devices with one-click install