Recommended read: Hardcoded secrets, unverified tokens, and other common JWT mistakes https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/

Thu, 02 Jul 2020 14:53 by Jamie Tanna . #jwt #security.

The Impending Doom of Expiring Root CAs and Legacy Clients

Recommended read: The Impending Doom of Expiring Root CAs and Legacy Clients https://scotthelme.co.uk/impending-doom-root-ca-expiring-legacy-clients/

Fri, 19 Jun 2020 16:42 by Jamie Tanna . #security #certificates.

Like of https://drewdevault.com/tls/security/oauth/2020/06/12/Can-we-talk-about-client-side-certs.html

Sun, 14 Jun 2020 00:15 by Jamie Tanna . #security #oauth2 #certificates #mutual-tls.

Wed, 03 Jun 2020 22:18 by Jamie Tanna . #security.

Bookmark

The Real Cause of the Sign In with Apple Zero-Day • Aaron Parecki

Recommended read: The Real Cause of the Sign In with Apple Zero-Day • Aaron Parecki https://aaronparecki.com/2020/05/31/30/the-real-cause-of-the-sign-in-with-apple-zero-day

Sun, 31 May 2020 22:58 by Jamie Tanna . #security #oauth2 #oidc #apple.

Bookmark

Let’s settle the password vs. passphrase debate once and for all

Recommended read: Let’s settle the password vs. passphrase debate once and for all https://protonmail.com/blog/protonmail-com-blog-password-vs-passphrase/

Wed, 27 May 2020 07:54 by Jamie Tanna . #security.

Like of https://medium.com/@stestagg/stealing-secrets-from-developers-using-websockets-254f98d577a0

Mon, 25 May 2020 15:32 by Jamie Tanna . #security.

Like of https://nullsweep.com/why-is-this-website-port-scanning-me/

Mon, 25 May 2020 15:30 by Jamie Tanna . #security.

Like of https://write.privacytools.io/freddy/keybase-zoom-and-messaging

Wed, 13 May 2020 21:25 by Jamie Tanna . #zoom #security #privacy.

Mon, 11 May 2020 10:12 by Jamie Tanna . #security.

Repost

Thu, 07 May 2020 14:47 by Jamie Tanna . #security.

Fri, 17 Apr 2020 23:26 by Jamie Tanna . #security #zoom.

Bookmark

JSON Web Token Validation Bypass in Auth0 Authentication API

Recommended read: JSON Web Token Validation Bypass in Auth0 Authentication API https://insomniasec.com/blog/auth0-jwt-validation-bypass

Fri, 17 Apr 2020 00:50 by Jamie Tanna . #security #jwg.

Article

Tomcat May Log Cookies Out-of-the-Box (3 mins read).

Warning you about cookies being logged out-of-the-box, and how to resolve it.

Tue, 07 Apr 2020 21:44 by Jamie Tanna . #blogumentation #security #java #tomcat #spring-boot.

Bookmark

FYI: When Virgin Media said it leaked 'limited contact info', it meant p0rno filter requests, IP addresses, IMEIs as well as names, addresses and more

Recommended read: FYI: When Virgin Media said it leaked 'limited contact info', it meant p0rno filter requests, IP addresses, IMEIs as well as names, addresses and more https://www.theregister.co.uk/2020/03/06/virgin_more_leak_details/

Sun, 22 Mar 2020 16:04 by Jamie Tanna . #security #privacy.

Like of https://www.camg.me/https-obsolescence/

Tue, 10 Mar 2020 18:07 by Jamie Tanna . #security.

Like of https://adactio.com/journal/16503

Wed, 04 Mar 2020 17:02 by Jamie Tanna . #security.

Like of https://shkspr.mobi/blog/2020/02/responsible-disclosure-john-lewis/

Mon, 10 Feb 2020 20:08 by Jamie Tanna . #security.

Bookmark

HTML attributes to improve your users' two factor authentication experience

Recommended read: HTML attributes to improve your users' two factor authentication experience https://www.twilio.com/blog/html-attributes-two-factor-authentication-autocomplete

Tue, 28 Jan 2020 08:29 by Jamie Tanna . #security #usability #web.

Bookmark

systemd service sandboxing and security hardening 101

Recommended read: systemd service sandboxing and security hardening 101 https://www.ctrl.blog/entry/systemd-service-hardening.html

Sat, 18 Jan 2020 16:00 by Jamie Tanna . #security #systemd.

Bookmark

Patch Windows 10 and Server now because certificate validation is broken

Recommended read: Patch Windows 10 and Server now because certificate validation is broken https://arstechnica.com/information-technology/2020/01/patch-windows-10-and-server-now-because-certificate-validation-is-broken/

Wed, 15 Jan 2020 08:26 by Jamie Tanna . #security #windows.

Bookmark

When MFA isn't necessarily strong

Recommended read: When MFA isn't necessarily strong https://www.sweharris.org/post/2019-06-09-softtoken/

Sat, 04 Jan 2020 02:32 by Jamie Tanna . #security.

Bookmark

Wifi deauthentication attacks and home security

Recommended read: Wifi deauthentication attacks and home security https://mjg59.dreamwidth.org/53968.html

Thu, 02 Jan 2020 07:24 by Jamie Tanna . #security #networking.

Bookmark

49% of workers, when forced to update their password, reuse the same one with just a minor change

Recommended read: 49% of workers, when forced to update their password, reuse the same one with just a minor change https://www.grahamcluley.com/49-of-workers-when-forced-to-update-their-password-reuse-the-same-one-with-just-a-minor-change/

Sun, 15 Dec 2019 11:26 by Jamie Tanna . #security.

Bookmark

Binary Planting with the npm CLI

Recommended read: Binary Planting with the npm CLI https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli

Fri, 13 Dec 2019 17:43 by Jamie Tanna . #npm #nodejs #javascript #security.

Bookmark

Thames Water don't get password security

Recommended read: Thames Water don't get password security https://shkspr.mobi/blog/2019/12/thames-water-dont-get-password-security/

Fri, 06 Dec 2019 08:10 by Jamie Tanna . #security.

Bookmark

Public SSH keys can leak your private infrastructure

An interesting look at how using one key for everything (SSH to servers, SSH for git hosting, etc) can be a Bad Thing™

Recommended read: Public SSH keys can leak your private infrastructure https://rushter.com/blog/public-ssh-keys/

Sun, 01 Dec 2019 01:05 by Jamie Tanna . #ssh #security.

Bookmark

Hacking JSON Web Tokens (JWTs)

Recommended read: Hacking JSON Web Tokens (JWTs) https://medium.com/swlh/hacking-json-web-tokens-jwts-9122efe91e4a

Mon, 25 Nov 2019 18:25 by Jamie Tanna . #jwt #security.

Bookmark

Preventing The Capital One Breach

Recommended read: Preventing The Capital One Breach https://ejj.io/blog/capital-one

Sun, 24 Nov 2019 23:13 by Jamie Tanna . #security #ssrf.

Bookmark

Report: We Tested 5 Popular Web Hosting Companies & All Were Easily Hacked

Recommended read: Report: We Tested 5 Popular Web Hosting Companies & All Were Easily Hacked https://www.websiteplanet.com/blog/report-popular-hosting-hacked/

Sun, 24 Nov 2019 22:39 by Jamie Tanna . #security #web-applications #cors #csrf #xss.

Article

Piping Data When Not Running a Command with sudo (1 mins read).

How to (more) safely pipe stdin to an elevated command with sudo tee.

Sun, 24 Nov 2019 20:12 by Jamie Tanna . #blogumentation #command-line #nablopomo #security.

Like of https://www.troyhunt.com/when-bank-communication-is-indistinguishable-from-phishing-attacks/

Tue, 19 Nov 2019 11:54 by Jamie Tanna . #security.

Bookmark

Dockle: Container Image Linter for Security

Recommended read: Dockle: Container Image Linter for Security https://github.com/goodwithtech/dockle

Mon, 11 Nov 2019 16:11 by Jamie Tanna . #docker #security #containers.

Bookmark

We built network isolation for 1,500 services to make Monzo more secure

Recommended read: We built network isolation for 1,500 services to make Monzo more secure https://monzo.com/blog/we-built-network-isolation-for-1-500-services/

Wed, 06 Nov 2019 20:06 by Jamie Tanna . #microservices #monzo #kubernetes #security #networking.

Bookmark

Running on Intel? If you want security, disable hyper-threading, says Linux kernel maintainer

Recommended read: Running on Intel? If you want security, disable hyper-threading, says Linux kernel maintainer https://www.theregister.co.uk/2019/10/29/intel_disable_hyper_threading_linux_kernel_maintainer/

Fri, 01 Nov 2019 11:50 by Jamie Tanna . #intel #security #linux.

Bookmark

Without encryption, we will lose all privacy. This is our new battleground

Recommended read: Without encryption, we will lose all privacy. This is our new battleground https://www.theguardian.com/commentisfree/2019/oct/15/encryption-lose-privacy-us-uk-australia-facebook

Thu, 17 Oct 2019 10:21 by Jamie Tanna . #encryption #privacy #security.

Bookmark

Yubikeys for SSH Auth

Recommended read: Yubikeys for SSH Auth https://www.engineerbetter.com/blog/yubikey-ssh/

Wed, 16 Oct 2019 13:05 by Jamie Tanna . #ssh #yubikey #security.

Bookmark

Stupid UNIX Tricks

Recommended read: Stupid UNIX Tricks https://sneak.berlin/20191011/stupid-unix-tricks/

Wed, 16 Oct 2019 13:04 by Jamie Tanna . #command-line #shell #linux #unix #openssh #docker #security.

Article

DevOpsDays London 2019 (63 mins read).

A writeup of the DevOpsDays London conference, and the talks and Open Spaces I attended.

Sat, 12 Oct 2019 12:56 by Jamie Tanna . #devopsdays #devops #cloud #events #monolith #microservices #testing #security #git #sre #on-call #legacy-code #agile #ethics #aws #empathy.

Bookmark

How our security team handle secrets

This is a really interesting post to hear how some other folks in a similar environment to us manage their secrets.

It's always cool to see how other folks are doing similar things, anyway, and as usual, Monzo have a great blog post.

Recommended read: How our security team handle secrets https://monzo.com/blog/2019/10/11/how-our-security-team-handle-secrets/

Fri, 11 Oct 2019 19:25 by Jamie Tanna . #monzo #secret-management #security.

Bookmark

Software Security Field Guide for the Bewildered

Recommended read: Software Security Field Guide for the Bewildered https://zwischenzugs.com/2019/09/22/software-security-field-guide-for-the-bewildered/

Sun, 22 Sep 2019 14:54 by Jamie Tanna . #security.

Bookmark

The PGP Problem

This is a really interesting article about the flaws in PGP - I don't have enough security backing and understanding to argue it, but it sounds legitimate. It's a surprise this isn't being talked about more if it is as bad as it is

Recommended read: The PGP Problem https://latacora.micro.blog/2019/07/16/the-pgp-problem.html

Thu, 18 Jul 2019 11:50 by Jamie Tanna . #security #pgp.

Bookmark

Thoughtbot's Application Security Guide

I found this when listening to episode 194 of the Bike Shed podcast: My PGP Shame. I'd only added this episode to my playlist as it was an interesting title, but listening to it, it was even better than I thought.

There was some great stuff in there about Thoughtbot's application security guide, linked, which is a definite must-read.

My favourite quote of the episode, though, is the following exchange:

I've got to be honest, how does anything work at all? Oh computers don't work

Recommended read: Thoughtbot's Application Security Guide https://github.com/thoughtbot/guides/blob/master/security/application.md

Mon, 27 May 2019 22:58 by Jamie Tanna . #security #podcasts.

Article

Cyber Nottingham May (5 mins read).

A writeup of the Cyber Nottingham meetup in May.

Sun, 19 May 2019 16:35 by Jamie Tanna . #events #cyber-nottingham #security.

Bookmark

Hardening SSH with 2fa

This is a great writeup about how to harden your SSH setup using 2-factor authentication. Would really recommend it!

Recommended read: Hardening SSH with 2fa https://gist.github.com/lizthegrey/9c21673f33186a9cc775464afbdce820

Thu, 16 May 2019 21:09 by Jamie Tanna . #security #ssh.

Tag security