Holger @schaueho@functional.cafe

Very good article by Matthew Garrett: Can we fix bearer tokens?
https://mjg59.dreamwidth.org/59704.html
#security

If you're skeptical of security by facial identification, you're right:
"Master faces that can bypass over 40% of facial id authentication systems"

https://www.unite.ai/master-faces-that-can-bypass-over-40-of-facial-id-authentication-systems/

#security

The Morning Paper has a fascinating review of how to completely break face recognition via infrared: https://blog.acolyer.org/2019/10/15/invisible-mask/
#security

Password storage in Firefox was leaky, cf. https://www.mozilla.org/en-US/security/advisories/mfsa2019-24/
#security #firefox

Another harsh critique on PGP, with unfortunately a lot of good arguments: https://latacora.micro.blog/2019/07/16/the-pgp-problem.html
#security #pgp

John Goerzen takes a look at desktop security on Linux and comes up pretty much empty-handed: https://changelog.complete.org/archives/10006-the-desktop-security-nightmare

Personally, I've never looked deeper into AppArmor or SELinux. I struggle quite a bit with maintaining my iptables already, everything in addition looks like too much. #security #linux

Just watching https://youtu.be/4XdF4OiAAzU about security in the node.js environment, which is quite terrifying.

I wonder what measurements are taken on other similar platforms like clojars, mvn or pypi. #security

xkcd 2166 -- Stack:

https://xkcd.com/2166/

Looks legit. #security #xkcd

All Firefox extensions get disabled due to a certifucate fuckup: https://bugzilla.mozilla.org/show_bug.cgi?id=1548973
Srsly, Mozilla? #firefox #security

John Goerzen reviews email providers that claim to focus on #security and #privacy (e.g. protonmail): http://changelog.complete.org/archives/9952-review-of-secure-privacy-respecting-email-services