https://sgued.fr/blog/need-csrf-token/
You should still use CSRF tokens. SameSite is not the same definition as Cross-Origin, so SameSite=Lax does not protect from CSRF coming from a "neighbor" subdomain.
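Added illustration, not part of the post above: a small Python model of the browser's SameSite=Lax rule beside a server-side synchronizer-token check, showing that a request from a sibling subdomain is same-site, so the Lax cookie is still sent and only the token check stops the forged request. The hostnames, session id and secret are constructed, and registrable-domain parsing is simplified (real browsers use the Public Suffix List).

```python
import hashlib
import hmac
from typing import Optional
from urllib.parse import urlsplit

SERVER_SECRET = b"constructed-demo-secret"  # constructed; load from config in practice


def registrable_domain(host: str) -> str:
    # Assumption: the registrable domain is the last two labels. Real browsers
    # consult the Public Suffix List (e.g. "co.uk" is a suffix, not a site).
    return ".".join(host.lower().split(".")[-2:])


def same_site(origin: str, target: str) -> bool:
    # "Schemeful same-site": same scheme and same registrable domain.
    # Subdomains are therefore the SAME site even though they are a different origin.
    o, t = urlsplit(origin), urlsplit(target)
    return o.scheme == t.scheme and registrable_domain(o.hostname or "") == registrable_domain(t.hostname or "")


def lax_cookie_sent(origin: str, target: str, method: str) -> bool:
    # SameSite=Lax: always sent on same-site requests; on cross-site requests only
    # for top-level navigations with a safe method (simplified to GET here).
    return same_site(origin, target) or method.upper() == "GET"


def issue_csrf_token(session_id: str) -> str:
    # Synchronizer token bound to the session via HMAC (no server-side storage needed).
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_token_valid(session_id: str, token: Optional[str]) -> bool:
    return token is not None and hmac.compare_digest(issue_csrf_token(session_id), token)


def handle_state_change(req: dict, require_token: bool) -> int:
    """Return an HTTP status for a POST. req keys: origin, url, session, csrf_token."""
    if not lax_cookie_sent(req["origin"], req["url"], "POST"):
        return 401  # browser withheld the session cookie: no session, nothing happens
    if require_token and not csrf_token_valid(req["session"], req.get("csrf_token")):
        return 403  # cookie arrived (same-site) but the forged form carries no valid token
    return 200


if __name__ == "__main__":
    # Constructed scenario: a form on a sibling subdomain posting to the app.
    sibling = {"origin": "https://sibling.example.com", "url": "https://app.example.com/transfer",
               "session": "sess-123", "csrf_token": None}
    print("SameSite=Lax only :", handle_state_change(sibling, require_token=False))  # 200
    print("Lax + CSRF token  :", handle_state_change(sibling, require_token=True))   # 403
```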
W.r.t #ArcBrowser leaking user information and permitting JavaScript injection over their backend, a thought that just struck me:
Also more generally I must remark - okay, so you have all of these fancy social browser features. So far so understandable.
Why exactly is this wrapped in a giant pull-all-the-time paradigm instead of pushing local updates to people and having their browsers run queries for important information locally?
I can't wrap my head around how almost all of the #xz reporting focuses on the failures of #opensource.
Yeah, sure, but ...
Good luck finding such an attack in proprietary code.
Via the cliché paid off/blackmailed employee, hacked dev servers/repos, or via capitalism's favorite cost-cutting measure: a remote "offshored" contracted temporary developer (or nowadays, embedded into some LLM output).
If anything, Open Source Security has *worked*.
Microsoft is being hacked and nobody cares. There are no consequences. If you rely on #Linux and #foss and it goes wrong, it's your fault. If you rely on #Microsoft and it goes wrong, it's Microsoft's fault. Win-win.
Free Article: #CyperSecurity FBI, UK Crime Agency Say They Have Disrupted LockBit Cyber Gang
Law enforcement from 11 agencies participated in operation
Ransomware websites used by hackers seized to thwart attacks https://www.bloomberg.com/news/articles/2024-02-19/fbi-uk-crime-agency-say-they-have-disrupted-lockbit-hacking-gang?accessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzb3VyY2UiOiJTdWJzY3JpYmVyR2lmdGVkQXJ0aWNsZSIsImlhdCI6MTcwODM4MjgxNywiZXhwIjoxNzA4OTg3NjE3LCJhcnRpY2xlSWQiOiJTOTQ4WUFUMEcxS1cwMCIsImJjb25uZWN0SWQiOiI4QkU4ODVEMzMzNzI0OTI1QjNFQkJEOTY3MzU3OEIxNCJ9.SmwV4uOOwRxJJYBT0sSEf_fzPsvFib9hUW_PbdYzjLc
MoD cybersecurity worst in Whitehall, figures reveal
The UK Ministry of Defence has by far the worst protected IT systems of any Whitehall department, with 11 "red-rated" systems.
https://www.computing.co.uk/news/4161325/mod-cybersecurity-worst-whitehall-figures-reveal
#uk #technews #cni #mod #infosec #cypersecurity #ukpol #ukgov
So at Christmas everyone sits together solving #sudoku, and I'm reading a paper on how computer scientists solve sudoku...
Oh, and I'm looking at various #fernstudiums universities.
Can anyone recommend one for a #bachelor in #Cypersecurity :P
Just saw that there is currently a No Starch Press Humble Bundle deal. Never bought one before, but this one looks interesting. Does anybody have any experience or opinions?
https://www.humblebundle.com/books/hacking-2023-no-starch-books