Bill Sempf
The House Oversight report on Equifax is out, and it is a doozy. Ouch.
https://techcrunch.com/2018/12/10/equifax-breach-preventable-house-oversight-report/
Here's a good Twitter thread on it, unrolled.
https://threadreaderapp.com/thread/1072319618352627714.html
XXE was added to the OWASP Top 10 and some scoffed. Read this before you blow it off.
https://www.honoki.net/2018/12/from-blind-xxe-to-root-level-file-read-access/
OAuth is a thing, and deserves more research. If Twitter can screw it up, anyone can.
https://shkspr.mobi/blog/2018/12/twitter-bug-bounty/
WordPress 5 got a security release. Get your hax in while you can.
https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
So SMS-based two-factor auth is better than NOTHING, but not much.
https://arstechnica.com/information-technology/2018/12/iranian-phishers-bypass-2fa-protections-offered-by-yahoo-mail-and-gmail/
That's the news, folks.
Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.