#webauthentication

2023-01-19

Make it easier to find malware targeting your users: If you’re designing (or redesigning) your web presence and it includes login or authentication functionality of some sort, consider making your authentication cookie names unique to your system.

For example, instead of calling your authentication cookie “auth” or “session,” maybe call it “blue_tiger_cub” (completely contrived example). Now, if you’re hunting for credential-theft or infostealing malware targeting your brand, your searches just got a whole lot more targeted.

This does have me thinking, though: could you rotate the authentication cookie name on a regular basis?

Or maybe we could just move away from cookies for session management and use an extended version of something like #webauthn to sign every single request, but I digress…

#malware #webauthentication #cookies #securityarchitecture #threathunting #yara
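An added example, not code from the original post, that puts the idea above into running Python: the server issues its session under a brand-specific cookie name, a hunt over a stealer-style cookie dump shows why an exact match on that name is precise where “session” is not, and a small lookup helper shows one way the cookie name could be rotated without logging everyone out. The cookie name “blue_tiger_cub”, the `.ourbrand.test` and other domains, and every line of the dump are constructed for illustration.

```python
"""Added example (not code from the original post or any named product).

It demonstrates the post's idea: issue the session cookie under a name unique
to your brand, then hunt for that exact name in infostealer output, where a
generic name such as "session" matches every site in the dump.  The cookie
name, domains and dump contents below are all constructed for illustration.
"""
from http.cookies import SimpleCookie
from typing import Optional

# Hypothetical brand-specific cookie name (the post's contrived "blue_tiger_cub").
SESSION_COOKIE_NAME = "blue_tiger_cub"


def build_session_cookie(session_id: str, name: str = SESSION_COOKIE_NAME) -> str:
    """Return a Set-Cookie value for the session under the unique name.

    The hardening attributes are standard practice and independent of the
    naming trick; a unique name does nothing to protect the cookie itself.
    """
    jar = SimpleCookie()
    jar[name] = session_id
    jar[name]["httponly"] = True
    jar[name]["secure"] = True
    jar[name]["samesite"] = "Lax"
    jar[name]["path"] = "/"
    return jar[name].OutputString()


def read_session_cookie(cookie_header: str, current: str, retired: list) -> Optional[str]:
    """Look up the session under the current name, then under names retired
    during a rotation grace window (one way to do the rotation the post muses
    about without invalidating every live session).  Returns None when absent."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    for name in [current, *retired]:
        if name in jar:
            return jar[name].value
    return None


# Constructed stealer-style dump in Netscape cookies.txt format (fabricated
# domains and values; 7 tab-separated fields per cookie line).
STEALER_DUMP = """\
# Netscape HTTP Cookie File
.example-bank.test\tTRUE\t/\tTRUE\t1700000000\tsession\tc0ffee01
.shop.test\tTRUE\t/\tTRUE\t1700000000\tsession\tc0ffee02
.forum.test\tFALSE\t/\tTRUE\t1700000000\tauth\tc0ffee03
.ourbrand.test\tTRUE\t/\tTRUE\t1700000000\tblue_tiger_cub\tc0ffee04
.ourbrand.test\tTRUE\t/\tFALSE\t1700000000\t_ga\tGA1.2.1
"""


def parse_netscape_cookies(text: str) -> list:
    """Parse Netscape cookie-file lines; comments and malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) != 7:
            continue
        domain, _include_subdomains, path, secure, _expiry, name, value = fields
        rows.append({"domain": domain, "path": path, "secure": secure == "TRUE",
                     "name": name, "value": value})
    return rows


def hunt_cookie_name(rows: list, name: str) -> list:
    """Exact-name match: the search that becomes precise once the name is unique."""
    return [r for r in rows if r["name"] == name]


def yara_rule_for_cookie_name(name: str, rule_name: str = "brand_session_cookie") -> str:
    """Emit a minimal YARA rule matching the name as a 'name=' pair or a Netscape field."""
    return (
        f"rule {rule_name}\n"
        "{\n"
        "    strings:\n"
        f'        $cookie_pair = "{name}="\n'
        f'        $netscape_field = "\\t{name}\\t"\n'
        "    condition:\n"
        "        any of them\n"
        "}\n"
    )


if __name__ == "__main__":
    rows = parse_netscape_cookies(STEALER_DUMP)
    print("generic 'session' hits:", [r["domain"] for r in hunt_cookie_name(rows, "session")])
    print("unique name hits:", [r["domain"] for r in hunt_cookie_name(rows, SESSION_COOKIE_NAME)])
    print(build_session_cookie("c0ffee04"))
    print(yara_rule_for_cookie_name(SESSION_COOKIE_NAME))
```

Running the script shows the contrast the post is after: “session” hits two unrelated domains in the dump, while the brand-specific name hits only `.ourbrand.test`. The grace-window lookup in `read_session_cookie` is one reading of the rotation question, not something the post prescribes.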

Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)
2019-03-07

A #cybersécuritay question, folks: #WebAuthentication w3.org/TR/webauthn/ is exactly the same concept as public-key authentication for #SSH, isn't it? Of course the protocol is different, but the concept is the same. Or does Web Authentication do something more than SSH does, and if so, what?