Recasting algorithmic bias as security vulnerabilities with specific harms and a bug bounty is brilliant! Now I want a "Project Zero" team to go out and find these.

https://hackerone.com/twitter-algorithmic-bias

Verifying my Knowledge Panel.

Didn't expect to have to include a selfie with my ID.

Remembering people who used to have fake IDs just to buy booze, it seems like a bit of security theater...

MLS provides a security layer for group messaging applications with from two to a large number of clients. It is meant to protect against eavesdropping, tampering, and message forgery.

Whoa, Ratchet trees...

https://tools.ietf.org/html/draft-barnes-mls-protocol-00

CitC on Mac, really hope security kittens are in my favor...

https://g3doc.corp.google.com/devtools/srcfs/g3doc/mac-citc.md

On my 3rd Nexus 6p. Things I have learned:

- Always upgrade the new phone to the latest build or backup/restore breaks. (With security updates that meant *6* restarts.)
- Good time to prune unused Apps.
- Don't forget to recache: Play Music playlists and Maps Offline data.
- Open each app one-by-one to get rid of "Okay, got it" prompts.

Things that are still painful:
- Entering long 20 character passwords in apps
- Transferring TOTPs in Authenticator

ZeroTier looks really nice. Sadly I suspect it violates many security kittens...

https://www.zerotier.com/blog/?p=833

Anyone from Security team want to sign on to this? Cory Doctorow asked me to send it onwards.

https://www.eff.org/deeplinks/2016/03/security-researchers-tell-w3c-protect-researchers-who-investig...

So I was just saying to myself, wouldn't it be great if we could have incognito iframes, and behold! There it is... the iframe sandbox's unique origin solves that problem...

Anyone using this in practice? I'd love to use this as a way to serve up 3P content and supply the appropriate user information directly from the parent via postMessage to avoid user-overlap confusion.

http://www.html5rocks.com/en/tutorials/security/sandboxed-iframes/
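An added example of the pattern the post above describes (this is not code from the post or from the html5rocks tutorial): the parent page serves third-party content in an iframe whose sandbox omits `allow-same-origin`, so the frame gets a unique ("null") origin, and passes per-user display data in via postMessage. The two caveats a practitioner runs into are built in: a null-origin frame can only be targeted with `'*'`, so the payload must carry nothing secret, and replies from it also arrive with `event.origin === 'null'`, so the parent authenticates by `event.source` rather than origin. Function names, element attributes and the message shape are assumptions made for the example.

```javascript
// Added example, not from the original post. Shows serving 3P content in a
// sandboxed iframe with a unique origin and exchanging data with it safely.
// Helper names and the message format are assumptions for illustration.

// Create the frame. Leaving out "allow-same-origin" gives the content a
// unique ("null") origin: it cannot read the parent's cookies, storage or DOM
// even if it is served from the parent's own host.
function createSandboxedFrame(doc, src) {
  const frame = doc.createElement('iframe');
  frame.setAttribute('sandbox', 'allow-scripts'); // deliberately no allow-same-origin
  frame.src = src;
  return frame;
}

// Build the payload the parent hands to the frame. Only display-level fields
// are copied; session material never goes in, because a null-origin frame can
// only be addressed with targetOrigin '*' and anything loaded there could read it.
function buildUserContext(user) {
  return { type: 'user-context', displayName: user.displayName, locale: user.locale };
}

function sendUserContext(frameWindow, user) {
  const payload = buildUserContext(user);
  frameWindow.postMessage(payload, '*'); // '*' is the only targetOrigin that reaches origin "null"
  return payload;
}

// Messages from the sandboxed frame arrive with origin "null", which cannot
// distinguish it from any other null-origin document. Authenticate on the
// source window instead: accept only messages from the frame we created.
function isTrustedFrameMessage(event, expectedWindow) {
  if (event.source !== expectedWindow) return false;
  if (event.origin !== 'null') return false; // anything else is not our sandboxed frame
  const data = event.data;
  return Boolean(data && typeof data === 'object' && typeof data.type === 'string');
}

// Wire the listener on the parent window; untrusted messages are dropped.
function installFrameListener(win, frameWindow, onMessage) {
  win.addEventListener('message', (event) => {
    if (!isTrustedFrameMessage(event, frameWindow)) return;
    onMessage(event.data);
  });
}
```

In a page this would be `const f = createSandboxedFrame(document, 'https://3p.example/widget'); document.body.appendChild(f); installFrameListener(window, f.contentWindow, handleReply);` followed by `sendUserContext(f.contentWindow, user)` once the frame has loaded. The source-window check is what prevents any other origin-null document (another sandboxed frame, a `data:` URL) from impersonating the widget.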

Security Escalation help?

We found about 1m users that are infected with a Chrome extension that rewrites search result pages (see http://b/7465588). We've gotten some good help on some of the issues, but I feel like I haven't gotten the right people involved to deal with this properly.

- Can we notify those 1m users that they are infected?
- Can we detect that this extension is running on the SRP and stop it?

I can't tell who on Search to raise this issue to, and I cannot see who would coordinate an outreach program to the poor folks that are getting a crappy Chrome experience due to the dodgy extension...

Thanks

A bit tired of WordPress security issues. I've had to help friends get upgraded after they got _pharma'd_, and today the LinkedIn blog was compromised. What's funny is that they reset my LinkedIn account in addition to my WP account...

[and no I didn't realize that I still had access to the LinkedIn blog :)]

Take your Security vitamins!

Security reviews may seem unpleasant, but they're really important to defend our users against the bad folks out there and just plain unintentional sloppiness.

I have to commend the team; their diligence revealed some hair-raising issues in a SaaS partner that could have had disastrous consequences for us and all of said partner's customers.

[image CC BY-NC-SA from http://www.flickr.com/photos/teeves/]

https://plus.google.com/photos/107786897865850743842/albums/5717225082897424049/5717225079236654674

Shindig security tokens can be made into bearer tokens without much difficulty re: http://ff.im/jtlYP