AlexKVal

Security

  • The Absurdly Underestimated Dangers of CSV Injection
  • I’m harvesting credit card numbers and passwords from your site. Here’s how
  • Part 2: How to stop me harvesting credit card numbers and passwords from your site
  • Cross-Site Request Forgery (CSRF)
  • Cross-Site Request Forgery is dead!
  • Preventing cross-site attacks using same-site cookies
  • Target=”_blank” — the most underestimated vulnerability ever
  • Cryptanalysis of hashids
  • How to Integrate “No CAPTCHA reCAPTCHA” in Your Website
  • How to lose $8k worth of bitcoin in 15 minutes with Verizon and Coinbase.com
  • Hacker, Hack Thyself. Discourse’s real security strength
  • BLAKE2 — fast secure hashing
  • CRIME “Compression Ratio Info-leak Made Easy”
  • On CIA Crypto, J.P. Aumasson (2017)
  • Auditing code for crypto flaws: the first 30 minutes, J.P. Aumasson (2017)
  • Obscurity is a Valid Security Layer
  • Mass-login attack on Basecamp
  • Zoom Zero Day: 4+ Million Webcams & maybe an RCE?
  • Endlessh: an SSH Tarpit
© 2025 Alexander Shemetovskiy