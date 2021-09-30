Security Leftovers
-
Why I Hate Password Rules
The other day I was creating a new account on the web. It was financial in nature, which means it gets one of my most secure passwords. I used PasswordSafe to generate this 16-character alphanumeric password:
:s^Twd.J;3hzg=Q~
Which was rejected by the site, because it didn’t meet their password security rules.
-
New Federal Government Cybersecurity Incident and Vulnerability Response Playbooks
The White House, via Executive Order (EO) 14028: Improving the Nation’s Cybersecurity, tasked CISA, as the operational lead for federal cybersecurity, to “develop a standard set of operational procedures (i.e., playbook) to be used in planning and conducting cybersecurity vulnerability and incident response activity” for federal civilian agency information systems. In response, today, CISA published the Federal Government Cybersecurity Incident and Vulnerability Response Playbooks. The playbooks provide federal civilian executive branch (FCEB) agencies with operational procedures for planning and conducting cybersecurity incident and vulnerability response activities. The playbooks provide illustrated decision trees and detail each step for both incident and vulnerability response.
-
Vulnerability allowing an update to be released for any package in the NPM repository [Ed: Once again we're meant to pretend that this isn't Microsoft's fault; it typically blames the victims, to whom it ships malware]
GitHub has disclosed two incidents in the NPM package repository infrastructure. On November 2, third-party security researchers (Kajetan Grzybowski and Maciej Piechota), working through the Bug Bounty program, reported a vulnerability in the NPM repository that allowed a user to publish a new version of any package from an account that was not authorized to perform such updates.
-
I will pay you cash to delete your npm module
npm’s culture presents a major problem for global software security.
-
Google introduced the ClusterFuzzLite fuzz-testing system - itsfoss.net
Google has presented the ClusterFuzzLite project, which lets organizations run fuzz testing of code inside their continuous integration systems so that potential vulnerabilities are detected early. Currently, ClusterFuzz can be used to automate fuzz testing of pull requests in GitHub Actions, Google Cloud Build, and Prow, with support for other CI systems expected in the future. The project is based on the ClusterFuzz platform, created to coordinate the work of fuzzing clusters, and is distributed under the Apache 2.0 license.
It is noted that since Google introduced the OSS-Fuzz service in 2016, more than 500 important open source projects have been accepted into the continuous fuzzing program. Based on the checks carried out, more than 6,500 confirmed vulnerabilities have been eliminated and more than 21,000 bugs have been fixed. ClusterFuzzLite extends these fuzzing mechanisms so that issues can be identified earlier, during peer review of proposed changes. ClusterFuzzLite has already been introduced into the change review process of the systemd and curl projects, where it made it possible to identify bugs missed by the static analyzers and linters used at the initial stage of checking new code.
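What ClusterFuzzLite actually runs on each pull request is a libFuzzer-style fuzz target, so here is an added example of one (not code from ClusterFuzzLite, systemd or curl). The parse_kv() function is a hypothetical piece of code under test; the LLVMFuzzerTestOneInput entry point is the real libFuzzer interface that such a CI job builds with a sanitizer and drives with generated inputs.

```c
/* Added example: a libFuzzer-style target of the kind a ClusterFuzzLite CI
 * job builds and runs. parse_kv() is hypothetical code under test. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define KV_MAX 32

struct kv { char key[KV_MAX]; char value[KV_MAX]; };

/* Parse a "key=value" record (no trailing newline) into *out.
 * Returns 0 on success, -1 on malformed or oversized input.
 * Every length is checked before the copy; that is the property the
 * fuzzer exercises, and a sanitizer would report any slip here. */
int parse_kv(const uint8_t *data, size_t size, struct kv *out)
{
    if (size == 0)
        return -1;
    const uint8_t *eq = memchr(data, '=', size);
    if (eq == NULL)
        return -1;
    size_t klen = (size_t)(eq - data);
    size_t vlen = size - klen - 1;            /* bytes after '=' */
    if (klen == 0 || klen >= KV_MAX || vlen >= KV_MAX)
        return -1;
    memcpy(out->key, data, klen);
    out->key[klen] = '\0';
    memcpy(out->value, eq + 1, vlen);
    out->value[vlen] = '\0';
    return 0;
}

/* libFuzzer (and therefore ClusterFuzzLite) calls this once per generated
 * input. It must return 0; a crash, abort() or sanitizer report is the
 * finding. Inputs are never filtered here, so the parser sees everything. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    struct kv kv;
    if (parse_kv(data, size, &kv) == 0) {
        /* Invariant the target can assert on top of memory safety:
         * both fields are NUL-terminated within their buffers. */
        if (strlen(kv.key) >= KV_MAX || strlen(kv.value) >= KV_MAX)
            abort();
    }
    return 0;
}
```

Built with `clang -fsanitize=fuzzer,address`, this file links against libFuzzer's own main; ClusterFuzzLite's build step does the equivalent and then runs the binary for a configured number of seconds against the changed code.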
-
The Quickest Way to Set Up HTTPS
I registered on blogs.perl.org today so that I could comment on posts about object systems. However, the very first thing I encountered was a password page with NO SSL. So, even though I have a ton to say about object systems, my first blog post will instead be about setting up SSL.
(I’m aware that this is a “legacy server problem” but I also recently learned that it doesn’t matter with traefik.)
In this grand year of 2021 you can add SSL to any site, on any architecture, for free, by adding 3 files to your server, making one small config change to Apache, and running a service. We are truly living in the future.
-