a collection of links on various security topics
This list is constantly being expanded
Password Manager: Tavis Ormandy's opinion on Password Managers, also fatal flaws in deterministic password managers. How did LastPass master passwords get compromised, how their source code was stolen, how password vaults were obtained and even a year after the disastrous breach, LastPass has not improved. Bitwarden design flaw: Server side iterations. (In)Security of the Unix "Pass" password manager. KeePass's InSecurity against local attackers, A Case Study in Attacking KeePass Part 1, 2
Networking 101 YouTube
The Six Dumbest Ideas in Computer Security
How to test your DNS (security & privacy)
How to test website (security, privacy & cookies)
How to test your eMail provider (security & privacy)
Why the FBI can’t get your browsing history from Apple iCloud (and other scary stories)
Why GPG/(Open-)PGP isn't recommended and what the numerous problems are
Check if your email/phone number or password is in a data breach
Understand the security risks of permissions for browser extensions and why even manifest v3 does not protect you sufficiently against abuse
Some examples of why browser extensions are bad - since at least 2015 until today - even big ones like Skype or Adobe, how they make your fingerprint unique or bypass your 2FA, and how Chrome extensions can steal your passwords from websites
Read what countless security experts and Washington Post have to say about Linux insecurity / Security Circus, hacks, dangerous configurations and All vendor kernels are plagued with security vulnerabilities (encryption is also broken)
Some Thoughts about the NSO Group's Pegasus
An Antivirus does not improve your security and even collects and sells your data or force-installs unwanted crap
Enumerating badness
(Electron; nodejs) Applications that run Chromium without the Sandbox
Test your ISP (Internet Service Provider) Border Gateway Protocol (BGP) security
Stop using (encrypted) Email
FLOSS doesn't imply security
Email Security Pitfalls
End-to-End Encryption in Web Apps
Docker - the security nightmare of dependencies and hidden place for malware, exposed secrets and private keys and also with "Hub" a place for millions of malicious repositories
SIM Card Hijacking: How it works and what you can do about it
SS7 Attacks: Intercepting SMS and calls as easy as ABC
Messenger (problems): WhatsApp's Backups, Signal's Sealed Sender and downplayed encryption key flaw, Telegram's Cryptanalysis and very old InSecurity, Three Lessons from Threema, Converso - how to uncover extraordinary claims, Tox handshake vulnerability
Browser Insecurity: Pale Moon, ungoogled-Chromium, Brave, Avast Browser, Arc Browser
SMS phishing is way too easy
Why you shouldn't use VPN services with their leaks. If needed, use MPRs
Avoid Electron based programs
Matrix InSecurity, concerns and big potential metadata issues
Phishing with Chromium's Application Mode
Browser in the Browser (BITB) Attack
Chrome Browser Exploitation Part 1
Graphics about PassKeys in detail and an overview of supporting websites
What happens when you swipe a credit card and what are the differences
What are the differences between bare metal, virtual machines, and containers
HTTP/1 to HTTP/2 to HTTP/3 - a Deep Dive
The Rising Threat to Consumer Data in the Cloud
Common pitfalls of breaking up HTTPS connections
(Motherboard vendor) MSI's (in)Secure Boot
"Sign in with" Apple
Building a Trusted Ecosystem for Millions of Apps
Protecting Chrome Traffic with Hybrid Kyber KEM
fail2ban sucks, pfSense
iMessage with PQ3 post-quantum cryptographic protocol - external security review 1, 2
Security problems with Routers like from Netgear, Netgear 2, D-Link, D-Link 2, Asus or DrayTek
How Apple handles the Digital Markets Act
Breaking the DECT Standard Cipher with Lower Time Cost
IoT Device Security Specification 1.0
Cloud InSecurity: Nextcloud E2EE broken
About Apple threat notifications and protecting against mercenary spyware
WiFi - The SSID Confusion Attack
Leveraging DNS Tunneling for Tracking and Scanning
Security research on Apple's Private Cloud Compute