Application Security This Week for June 23

Google has decided that the API that underpins the Chrome extension kit is too powerful - and they aren't wrong.  But the changes appear to be killing adblockers.  Strange, that.

https://www.theregister.co.uk/2019/06/17/chrome_extensions_security/

 

No, you aren't reading an old edition of this newsletter.  There really is another Orable Weblogic deserialization bug.

https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2729-5570780.html

https://www.theregister.co.uk/2019/06/19/oracle_weblogic_emergency/

 

Good writeup on the current state of 2 factor authorization.

https://blog.trailofbits.com/2019/06/20/getting-2fa-right-in-2019/

 

That's the news, folks.

 

Add comment

Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 

profile for Bill Sempf on Stack Exchange, a network of free, community-driven Q&A sites

MonthList