Dec 16, 2018

Application Security This Week for December 16

The House oversight report on Equifax is out, and it is a doozy. Ouch.
https://techcrunch.com/2018/12/10/equifax-breach-preventable-house-oversight-report/

Here's a good Twitter thread on it, unrolled:
https://threadreaderapp.com/thread/1072319618352627714.html

XXE was added to the OWASP Top 10 and some scoffed. Read this before you blow it off.
https://www.honoki.net/2018/12/from-blind-xxe-to-root-level-file-read-access/

OAuth is a thing, and deserves more research. If Twitter can screw it up, anyone can.
https://shkspr.mobi/blog/2018/12/twitter-bug-bounty/

WordPress 5 got a security release. Get your hax in while you can.
https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/

So SMS-based two-factor auth is better than NOTHING, but not much.
https://arstechnica.com/information-technology/2018/12/iranian-phishers-bypass-2fa-protections-offered-by-yahoo-mail-and-gmail/

That's the news, folks.