It always amazes me just how little care companies offering a security product put into the security of their services. Look through the whole thread:
I've started to compile a list of common mistakes that antivirus software is making, not unlike the one I published under https://palant.de/2018/08/29/password-managers-please-make-sure-autofill-is-secure. So far I have three perfectly avoidable issues. One antivirus had all of them, another "only" two. #infosec #antivirus #cybersecurity
EU is going to offer a bug bounty on some open source projects. @email@example.com has her doubts that this is a good idea.
A report on the #Equifax breach has been released and @firstname.lastname@example.org is analyzing it. His conclusion: 34 (in words: thirty-four!) control and process failures led to this disaster. Worth a read:
Many thanks to @email@example.com for the inspiration.
@EdOverflow@twitter.com pointed out to me that #Keybase generally doesn't seem to take security seriously. The ownership verification issues he discovered also weren't considered important enough. 1/2
The #Keybase browser extension subverts the app's end-to-end encryption. Keybase considers that "an acceptable risk" and not worth fixing.
Wladimir Palant, software developer and security researcher, browser extensions expert. He/him
A Mastodon instance for info/cyber security-minded people.