Lobster Roll

All LHN/.

Security / Privacy (2024-09)

RSS

Showing stories from 2024-09. View all

secure.py – Simplify HTTP Security Headers for Python Web Apps (Major Update) (github.com)
L 7 pts 1 comments by cak Sep 30, 2024 pythonsecurityweb Web DevelopmentProgramming (General)Programming Languages / CS TheorySecurity / Privacy thread
Hello everyone, I'm excited to announce a major update to secure.py, a Python library that simplifies adding HTTP security headers to web applications. This release is a complete rewrite, leveraging modern Python 3.10+ features to enhance usability and performance. It supports frameworks like Fla...
Watching TV with the Second-Party: A First Look at Automatic Content Recognition Tracking in Smart TVs (arxiv.org)
L 3 pts 1 comments by asymmetric Sep 27, 2024 hardwareprivacy Security / PrivacyMaker / DIY / Hardware thread
Hacking Kia: Remotely Controlling Cars With Just a License Plate (samcurry.net)
L 40 pts 13 comments by sjamaan Sep 27, 2024 security Security / Privacy thread
You're probably not vulnerable to the CUPS CVE (xeiaso.net)
L 19 pts 11 comments by l0b0 Sep 27, 2024 security Security / Privacy thread
Attacking UNIX Systems via CUPS, Part I (evilsocket.net)
L 56 pts 40 comments by crazyloglad Sep 26, 2024 security Systems / Low-Level / OSSecurity / Privacy thread
mir: Module-level RWX permissions for Node.js (github.com)
L 2 pts 0 comments by argetos96 Sep 26, 2024 nodejssecurity Web DevelopmentSecurity / Privacy thread
Eliminating memory safety vulnerabilities at the source (security.googleblog.com)
L 46 pts 37 comments by heinrich5991 Sep 25, 2024 androidsecurity Security / Privacy thread
Mozilla faces a privacy complaint over Firefox's tracking (engadget.com)
L 40 pts 80 comments by ianloic Sep 25, 2024 lawprivacyweb Web DevelopmentSecurity / Privacy thread
Severe Unauthenticated RCE Flaw (CVSS 9.9) in GNU/Linux Systems Awaiting Full Disclosure (securityonline.info)
L 5 pts 10 comments by enpo Sep 25, 2024 linuxsecurity Systems / Low-Level / OSSecurity / Privacy thread
Eliminating Memory Safety Vulnerabilities at the Source (security.googleblog.com)
L 1 pts 0 comments by Celeritas Sep 25, 2024 androidrustsecurity Systems / Low-Level / OSSecurity / Privacy thread
Post-OCSP certificate revocation in the Web PKI (seirdy.one)
L 7 pts 2 comments by Seirdy Sep 25, 2024 browserssecurityweb Web DevelopmentSecurity / Privacy thread
Awala: The computer network on which humankind can truly rely (awala.network)
L 6 pts 6 comments by andrewchou Sep 25, 2024 cryptographynetworkingprivacy Data / Databases / InfrastructureSecurity / Privacy thread
Insecurity Through Mandates (michaelwashere.net)
L 5 pts 3 comments by Vaelatern Sep 24, 2024 security Security / Privacy thread
HardenedBSD and Protectli Collaborates for a Censorship- and Surveillance-Resistant Mesh Network (hardenedbsd.org)
L 9 pts 1 comments by lattera Sep 23, 2024 networkingsecurity Data / Databases / InfrastructureSecurity / Privacy thread
Safe Ride into the Dangerzone: Reducing attack surface with gVisor (dangerzone.rocks)
L 5 pts 2 comments by legoktm Sep 23, 2024 security Security / Privacy thread
RFC 9446: Reflections on Ten Years Past the Snowden Revelations (2023) (rfc-editor.org)
L 6 pts 2 comments by adsouza Sep 23, 2024 historicalprivacy Security / PrivacyCulture / Philosophy / History / Reading thread
What's inside the QR code menu at this cafe? (peabee.substack.com)
L 28 pts 11 comments by sjamaan Sep 23, 2024 security Programming (General)Security / Privacy thread
CensysIO just started actively probing mumble servers (gist.github.com)
L 10 pts 5 comments by ecksdee Sep 23, 2024 networkingsecurity Data / Databases / InfrastructureSecurity / Privacy thread
<W>2024-09-23 03:27:21.227 1 => <31:CensysIO(-1)> Authenticated <W>2024-09-23 03:27:21.344 1 => <31:CensysIO(-1)> Connection closed: The TLS/SSL connection has been closed [1] How far does Censys actively probe services to where it is more invasive than necessary?
OpenSSH 9.9 released (undeadly.org)
L 20 pts 0 comments by jcspencer Sep 21, 2024 releasesecurity Security / Privacy thread
4 exploits, 1 bug: exploiting CVE-2024-20017 4 different ways (blog.coffinsec.com)
L 5 pts 0 comments by fro Sep 21, 2024 security Security / Privacy thread
End-to-End Encryption in Rails with Stimulus and OpenPGP (jensravens.com)
L 2 pts 0 comments by MatheusRich Sep 21, 2024 rubysecurity Programming (General)Security / Privacy thread
Gaining Access to Anyones Browser without Them Even Visiting a Website (kibty.town)
L 104 pts 27 comments by mtlynch Sep 20, 2024 browserssecurity Web DevelopmentSecurity / Privacy thread
Visual guide to SSH tunneling and port forwarding (ittavern.com)
L 19 pts 1 comments by WorksOnMyMachine Sep 19, 2024 linuxnetworkingsecurity Systems / Low-Level / OSData / Databases / InfrastructureSecurity / Privacy thread
Unmasking vulnerabilities in cheap IoT cameras from one Chinese manufacturer (trevorkems.com)
L 10 pts 0 comments by jmillikin Sep 19, 2024 reversingsecurity Systems / Low-Level / OSSecurity / Privacy thread
Ruby-SAML pwned by XML signature wrapping attacks (ssoready.com)
L 11 pts 0 comments by jmillikin Sep 19, 2024 rubysecurity Programming (General)Programming Languages / CS TheorySecurity / Privacy thread
Using YouTube to steal your files (lyra.horse)
L 140 pts 11 comments by rebane2001 Sep 19, 2024 securityweb Web DevelopmentSecurity / Privacy thread
Integrity Policy Enforcement (IPE) (docs.kernel.org)
L 1 pts 1 comments by sknebel Sep 18, 2024 linuxsecurity Systems / Low-Level / OSSecurity / Privacy thread
Update on an upcoming German broadcasting story about Tor/Onion Services (lists.torproject.org)
L 25 pts 4 comments by gioele Sep 18, 2024 networkingsecurity Data / Databases / InfrastructureSecurity / Privacy thread
Prompt Injections and a demo (frederikbraun.de)
L 1 pts 0 comments by freddyb Sep 18, 2024 securityvibecoding AI / Machine LearningSecurity / Privacy thread
Meet DAVE: Discord’s New End-to-End Encryption for Audio & Video (discord.com)
L 21 pts 12 comments by gmem Sep 17, 2024 cryptography Security / Privacy thread