Date: 2018-04-10
Security: Updates, 'Cloud' Hardening, Two Factor Authentication, Launchpad
Security updates for Tuesday
Security updates for Wednesday
Simple Cloud Hardening
I've written about simple server-hardening techniques in the past. Those articles were inspired in part by the Linux Hardening in Hostile Networks book I was writing at the time, and the idea was to distill the many different hardening steps you might want to perform on a server into a few simple steps that everyone should do. In this article, I take the same approach only with a specific focus on hardening cloud infrastructure. I'm most familiar with AWS, so my hardening steps are geared toward that platform and use AWS terminology (such as Security Groups and VPC), but as I'm not a fan of vendor lock-in, I try to include steps that are general enough that you should be able to adapt them to other providers.
Chrome, Edge and Firefox could soon be password-free thanks to WebAuthn standard
Firefox, Chrome and Edge Will All Support WebAuthn’s Hardware Two Factor Authentication
Don’t Give Away ‘Secret Question’ Answers on Social Media
How Copy-Pasted Text Can Hide a Secret Message That Narcs on You
[Older] Cyber security warning issued over Turkey
The Ministry of Foreign Affairs of the Netherlands has warned Dutch travelers visiting Turkey that the safety of their electronic devices could be compromised, according to reports.
Launchpad security advisory: cross-site-scripting in site search
Mohamed Alaa reported that Launchpad’s Bing site search implementation had a cross-site-scripting vulnerability. This was introduced on 2018-03-29, and fixed on 2018-04-10. We have not found any evidence of this bug being actively exploited by attackers; the rest of this post is an explanation of the problem for the sake of transparency.
