Data Safety and Information Security

Data Safety and Information Security

749 bookmarks
Custom sorting
memory spy
memory spy
·memory-spy.wizardzines.com·
memory spy
Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us | InformIT
Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us | InformIT
175+ Cybersecurity Misconceptions and the Myth-Busting Skills You Need to Correct ThemCybersecurity is fraught with hidden and unsuspected dangers and difficulties. Despite our best intentions, there are common and avoidable mistakes that arise from folk wisdom, faulty assumptions about the world, and our own human biases. Cybersecurity implementations, investigations, and research all suffer as a result.
·informit.com·
Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us | InformIT
The Security Pipeline - DevOps.com
The Security Pipeline - DevOps.com
Integrating security solutions into DevOps toolchains will take effort, but once in place they will enhance application security.
·devops.com·
The Security Pipeline - DevOps.com
API Security: Is Authorization the Biggest Threat?
API Security: Is Authorization the Biggest Threat?
Authorization is the largest vulnerability area that is not protected well and represents the biggest current risk for API security.
·thenewstack.io·
API Security: Is Authorization the Biggest Threat?
Lessons from 'Star Trek: Picard'—A cybersecurity expert explains how a sci-fi series illuminates today's threats
Lessons from 'Star Trek: Picard'—A cybersecurity expert explains how a sci-fi series illuminates today's threats
(Editor's note: This article contains plot spoilers.) Society's understanding of technology and cybersecurity often is based on simple stereotypes and sensational portrayals in the entertainment media. I've written about how certain scenarios are entertaining but misleading. Think of black-clad teenage hackers prowling megacities challenging corporate villains. Or think of counterintelligence specialists repositioning a satellite from the back of a surveillance van via a phone call.
·techxplore.com·
Lessons from 'Star Trek: Picard'—A cybersecurity expert explains how a sci-fi series illuminates today's threats
How to fix a ReDoS | The GitHub Blog
How to fix a ReDoS | The GitHub Blog
Code scanning detects ReDoS vulnerabilities automatically, but fixing them isn’t always easy. This blog post describes a 4-step strategy for fixing ReDoS bugs.
·github.blog·
How to fix a ReDoS | The GitHub Blog
Runtime Security: Relevancy Is What Counts
Runtime Security: Relevancy Is What Counts
Security best practices have emerged, including those for cloud native deployments. However, that remains a work in progress.
·thenewstack.io·
Runtime Security: Relevancy Is What Counts
Mitigate Risk Beyond the Supply Chain with Runtime Monitoring
Mitigate Risk Beyond the Supply Chain with Runtime Monitoring
Pipeline controls can only ensure security and compliance for changes that have gone through the pipeline. They don't account for "dark deploys" from bad actors who access production by going around the golden path.
·thenewstack.io·
Mitigate Risk Beyond the Supply Chain with Runtime Monitoring
Internet Identity Workshop 36 Report
Internet Identity Workshop 36 Report
Last week's IIW was great with many high intensity discussions of identity by people from across the globe.
·windley.com·
Internet Identity Workshop 36 Report
ETHOS | Emerging Threat Open Sharing
ETHOS | Emerging Threat Open Sharing
ETHOS is the OT-centric, open-source platform for sharing anonymous early warning threat information.
·ethos-org.io·
ETHOS | Emerging Threat Open Sharing
Mysk🇨🇦🇩🇪 (@mysk@defcon.social)
Mysk🇨🇦🇩🇪 (@[email protected])
Attached: 4 images Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices. TL;DR: Don't turn it on. The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices. We analyzed the network traffic when the app syncs the secrets, and it turns out the traffic is not end-to-end encrypted. As shown in the screenshots, this means that Google can see the secrets, likely even while they’re stored on their servers. There is no option to add a passphrase to protect the secrets, to make them accessible only by the user. Why is this bad? Every 2FA QR code contains a secret, or a seed, that’s used to generate the one-time codes. If someone else knows the secret, they can generate the same one-time codes and defeat 2FA protections. So, if there’s ever a data breach or if someone obtains access .... 🧵 #Privacy #Cybersecurity #InfoSec #2FA #Google #Security
·defcon.social·
Mysk🇨🇦🇩🇪 (@[email protected])
Shodan
Shodan
Search engine of Internet-connected devices. Create a free account to get started.
·shodan.io·
Shodan
The War on Passwords Enters a Chaotic New Phase
The War on Passwords Enters a Chaotic New Phase
The transition from traditional logins to cryptographic passkeys is getting messy. But don’t worry—there’s a plan.
·wired.com·
The War on Passwords Enters a Chaotic New Phase
Authenticate with OpenID Connect and Apache APISIX
Authenticate with OpenID Connect and Apache APISIX
Lots of companies are eager to provide their identity provider: Twitter, Facebook, Google, etc. For smaller businesses, not having to manage identities is a benefit. However, we want to avoid being locked into one provider. In this post, I want to demo how to use OpenID Connect using Google underneath and then switch to Azure. OpenID Connect The idea of an authorization open standard started with OAuth around 2006. Because of a security issue, OAuth 2.0 superseded the initial version. OAuth 2
·blog.frankel.ch·
Authenticate with OpenID Connect and Apache APISIX
Highlights from the New U.S. Cybersecurity Strategy
Highlights from the New U.S. Cybersecurity Strategy
The Biden administration today issued its vision for beefing up the nation's collective cybersecurity posture, including calls for legislation establishing liability for software products and services that are sold with little regard for security. The White House's new national cybersecurity…
·krebsonsecurity.com·
Highlights from the New U.S. Cybersecurity Strategy
What Is a Message Authentication Code (MAC)?
What Is a Message Authentication Code (MAC)?
In secure website connections, a message authentication code (MAC) helps authenticate a message and its data integrity so you know its legit.
·thesslstore.com·
What Is a Message Authentication Code (MAC)?
Serious Security: How to store your users’ passwords safely
Serious Security: How to store your users’ passwords safely
Following our popular article explaining what Adobe did wrong with its users’ passwords, a number of readers asked us, “Why not publish an article showing the rest of us how to do it ri…
·nakedsecurity.sophos.com·
Serious Security: How to store your users’ passwords safely
Password strength explained
Password strength explained
I try to explain how attackers would guess your password, should they get their hands on your encrypted data. There are some thoughts on the strength of real-world passwords and suggestions for your new password.
·palant.info·
Password strength explained