OAuth is nice and taking over the world... but don't weaken the security, follow all the steps and verify the tokens you get handed.
The Spectre attack still has real-world effects... This affects Safari this time.
If you've got to implement an OAuth integration, please be responsible and don't do this... this could lead to very serious breaches for your users.
This is a bad case of content moderation if it gets presented to users like this... but Google is not going to leave advertisement money on the table. The way browsers changed in recent years also makes this kind of deception easier (harder to check certificates, hard to spot punycoding).
Looks like a nice tool to check if your SSH config is secure. Works both for servers and clients.
This is a hard problem to solve, and going multi-modal makes it harder in my opinion.
Interesting deep dive into the latest massive DDoS attack seen in the wild.
If you're using a GNOME-based environment, be responsible and make sure you install your security patches.
Very refined attack including the social engineering side of things. Catching developers with coding challenges, it's definitely cunning.
An attack which doesn't want to die. Time to retire RSA use with TLS, this is really overdue.
Really a bad summer for Microsoft security-wise. Trust should be low among Azure customers now. Who was paying attention though?
Totally missed this over the summer... this is a huge breach. It will have a long-lasting impact. The scope might be larger than we expect.
Interesting new side-channel attack. A bit mind-boggling to be honest. Only one browser seems affected so far (since it's Chrome, probably most of its variants are affected as well).
Interesting and unfortunate security issue... This is admittedly a somewhat unusual setup though, but to be kept in mind I think.
What a bad idea. From the information at hand I don't see how this can go well.
Nicely explains how to secure your webhooks step by step.
Good explanations, the parallel and history perspective on Palladium is right. It's the same fight as 20 years ago, it rears its ugly head regularly. Time to collectively say no once more.
This is a good list; it should be seen as a starting point, there are more things to do after this. I'm thinking for instance about adding fail2ban to the mix.
Signature of digital documents is definitely not as safe as we would like. All the serious formats have known flaws at this point.
This is an excellent and needed work of contextualization. Ten years after, looking back at how the Snowden Revelations impacted the internet and the work done by the IETF. It also shows there is plenty more to do...