/Security

How To Enforce Stronger Customer Passwords

- Paul Asjes tl;dr: A common cause of data breaches and account hijacking is customers using weak or common passwords. To address this, Dropbox created zxcvbn, an open-source library that estimates password strength by modelling how an attacker would actually guess it: lookups against lists of common passwords (including capitalisation and l33t variants), recognition of patterns such as sequences and repeats, and brute-force entropy only as the fallback. If you want an easy way to enforce stronger passwords in your app, check out AuthKit, an open-source login box that incorporates zxcvbn and other best practices to provide a much more secure onboarding experience for new users.

featured in #514
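
As an added example (not code from the article, from Dropbox's zxcvbn, or from AuthKit), the following JavaScript sketches the estimation strategy the summary describes: several matchers each price the password in attacker guesses, and the cheapest one wins, which is why "P@ssw0rd1" scores no better than "password". The word list, the l33t table and the multipliers are constructed for illustration; the 0 to 4 score bands are modelled on zxcvbn's.

```javascript
// Added example in the spirit of zxcvbn. NOT zxcvbn's code: the word list is a
// constructed sample and the matchers are deliberately minimal. The idea it
// demonstrates is zxcvbn's core one: estimate the CHEAPEST attack, not a naive
// entropy over the character set.

// Constructed, rank-ordered "most common passwords" sample (rank = index + 1).
const COMMON_PASSWORDS = [
  "password", "123456", "qwerty", "letmein", "dragon", "iloveyou", "monkey", "football",
];

// Size of the alphabet a brute-force attacker would have to search.
function alphabetSize(pw) {
  let size = 0;
  if (/[a-z]/.test(pw)) size += 26;
  if (/[A-Z]/.test(pw)) size += 26;
  if (/[0-9]/.test(pw)) size += 10;
  if (/[^A-Za-z0-9]/.test(pw)) size += 33; // printable ASCII punctuation
  return size || 1;
}

function bruteForceGuesses(pw) {
  return Math.pow(alphabetSize(pw), pw.length);
}

// Undo common l33t substitutions so "p@ssw0rd" is looked up as "password".
const L33T = { "@": "a", "4": "a", "3": "e", "1": "i", "!": "i", "0": "o", "$": "s", "5": "s", "7": "t" };
function unl33t(s) {
  return s.split("").map((c) => L33T[c] ?? c).join("");
}

// Dictionary match: peel off a trailing run of digits/symbols, case-fold,
// optionally undo l33t, then look the core up. Each decoration the user added
// only multiplies the guess count by a small factor.
function dictionaryGuesses(pw) {
  let [, core, suffix] = pw.match(/^(.*?)([0-9!@#$%^&*]*)$/);
  if (core === "") { core = pw; suffix = ""; } // all-digit passwords like "123456"
  const lowered = core.toLowerCase();
  let rank = COMMON_PASSWORDS.indexOf(lowered);
  let usedL33t = false;
  if (rank < 0) { rank = COMMON_PASSWORDS.indexOf(unl33t(lowered)); usedL33t = true; }
  if (rank < 0) return Infinity;
  let guesses = rank + 1;
  if (core !== lowered) guesses *= 2;      // capitalisation variant
  if (usedL33t) guesses *= 4;              // l33t variant
  guesses *= Math.pow(10, suffix.length);  // appended digits/symbols
  return guesses;
}

// Sequence match: every step is +1 or -1 code point ("abcdef", "4321").
function sequenceGuesses(pw) {
  if (pw.length < 3) return Infinity;
  const step = pw.charCodeAt(1) - pw.charCodeAt(0);
  if (Math.abs(step) !== 1) return Infinity;
  for (let i = 2; i < pw.length; i++) {
    if (pw.charCodeAt(i) - pw.charCodeAt(i - 1) !== step) return Infinity;
  }
  return alphabetSize(pw) * 2 * pw.length; // start char, direction, length
}

// Repeat match: the whole string is a short unit repeated ("aaaa", "abab").
function repeatGuesses(pw) {
  for (let unit = 1; unit <= pw.length / 2; unit++) {
    if (pw.length % unit !== 0) continue;
    const base = pw.slice(0, unit);
    if (base.repeat(pw.length / unit) === pw) {
      return bruteForceGuesses(base) * (pw.length / unit);
    }
  }
  return Infinity;
}

// 0..4 bands modelled on zxcvbn's guess thresholds.
function score(guesses) {
  if (guesses < 1e3) return 0;
  if (guesses < 1e6) return 1;
  if (guesses < 1e8) return 2;
  if (guesses < 1e10) return 3;
  return 4;
}

// Run every matcher and report the cheapest attack.
function estimate(pw) {
  const candidates = {
    dictionary: dictionaryGuesses(pw),
    sequence: sequenceGuesses(pw),
    repeat: repeatGuesses(pw),
    bruteforce: bruteForceGuesses(pw),
  };
  let pattern = "bruteforce";
  for (const name of Object.keys(candidates)) {
    if (candidates[name] < candidates[pattern]) pattern = name;
  }
  const guesses = candidates[pattern];
  return { guesses, pattern, entropyBits: Math.log2(guesses), score: score(guesses) };
}

for (const pw of ["password", "P@ssw0rd1", "abcdefgh", "abababab", "correct horse battery"]) {
  console.log(pw, estimate(pw));
}
```

The point to take from the output is that "P@ssw0rd1" costs an attacker about 80 guesses even though a character-class entropy formula would rate it highly; a login form should act on the estimated guess count, not on composition rules.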


Stealing Your Telegram Account In 10 Seconds Flat

tl;dr: “This attack is incredibly easy to pull off even for a low-skill attacker. Assuming some higher forces have already set up a custom domain for you, all you need to know is how to tap on a link and add a letter onto the URL bar. You don’t need any specialized tools, you don’t need to know anything about the target, you don’t even need a phone.”

featured in #512


Why Passkeys Matter

tl;dr: Passwords are a massive security risk, with billions of credentials exposed every year through poor practices. Passkeys offer a promising passwordless alternative: a per-site public/private key pair, unlocked locally by a biometric or device PIN, replaces the shared secret, so there is nothing for a phishing site or a breached database to capture and nothing complex for the user to remember. With major tech companies embracing passkeys, widespread adoption could fundamentally change online authentication.

featured in #509


What We Know About The xz Utils Backdoor That Almost Infected The World

- Dan Goodin tl;dr: “A lone Microsoft developer rocked the world when he revealed a backdoor had been intentionally planted in xz Utils, an open source data compression utility available on almost all installations of Linux and other Unix-like operating systems. The person or people behind this project likely spent years on it. They were likely very close to seeing the backdoor update merged into Debian and Red Hat, the two biggest distributions of Linux, when an eagle-eyed software developer spotted something fishy.”

featured in #503


Are You Ready For PCI DSS 4.0?

- Robert Curlee tl;dr: If your organization handles or processes card payment data, an important milestone is approaching: the retirement of PCI DSS 3.2.1 and the transition to the new PCI DSS 4.0 standard. SonarQube can help you prepare for the 4.0 requirements by identifying vulnerabilities, automating enforcement of coding standards, supporting regular code review, and training developers on secure coding practices.

featured in #498


Why Passkeys Improve User Security & How to Implement Them

tl;dr: Passwords are a headache for users and a security risk for organizations. Passkeys, a solution rooted in public key cryptography, are poised to change authentication for the better, improving security and usability for all. This paper explains how they work and how to implement them in your ecosystem.

featured in #487


Keep Your Secrets From Leaking

- Alexandre Gigleux tl;dr: Secrets committed to source code (API keys, passwords, tokens) give anyone who obtains the code direct access to the systems they protect, so a leak of the repository becomes a breach of those systems. Sonar can find secrets in source code in your IDE using SonarLint and also detect them in your CI/CD pipeline using SonarQube and SonarCloud.

featured in #484


Keep Your Secrets From Leaking With Sonar

- Alexandre Gigleux tl;dr: Secrets committed to source code (API keys, passwords, tokens) give anyone who obtains the code direct access to the systems they protect, so a leak of the repository becomes a breach of those systems. Sonar can find secrets in source code in your IDE using SonarLint and also detect them in your CI/CD pipeline using SonarQube and SonarCloud.

featured in #483
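
The two Sonar entries above name the capability without showing the checks a scanner actually runs. As an added example (not Sonar's rules or code), this JavaScript applies three layers to constructed sample lines: fixed token formats whose public prefixes are well known (AWS access key IDs start with AKIA, GitHub classic tokens with ghp_, PEM private keys with a BEGIN header), secret-looking assignments with placeholder filtering, and a Shannon entropy score for triage. Every sample value below is made up; none is a real credential.

```javascript
// Added example: the per-line detection logic of a secrets scanner, in three
// layers. Illustrative code, not Sonar's rules. All sample lines are constructed.

const SAMPLE_SOURCE = [
  'const region = "us-east-1";',
  'const accessKeyId = "AKIAEXAMPLEKEY123456";',
  'export GITHUB_TOKEN=ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789',
  'DB_PASSWORD = os.environ["DB_PASSWORD"]',
  'db_password = "${DB_PASSWORD}"',
  'smtp_password = "Tr0ub4dor&3xtraL0ng"',
  '-----BEGIN RSA PRIVATE KEY-----',
  'api_key = "changeme"',
];

// Layer 1: well-known token formats. High confidence, no further checks.
const KNOWN_FORMATS = [
  { rule: "aws-access-key-id", re: /\bAKIA[0-9A-Z]{16}\b/ },
  { rule: "github-pat", re: /\bghp_[A-Za-z0-9]{36}\b/ },
  { rule: "private-key", re: /-----BEGIN [A-Z ]*PRIVATE KEY-----/ },
];

// Layer 2: a secret-looking variable assigned a quoted literal of 8+ chars.
const ASSIGNMENT = /(password|passwd|pwd|secret|token|api[_-]?key)\w*\s*[:=]\s*["']([^"']{8,})["']/i;
// Values that are clearly not live secrets: template/env placeholders and classic dummies.
const PLACEHOLDER = /^\$\{|^<|^(changeme|password|example|dummy|test|xxx+)$/i;

// Layer 3: Shannon entropy in bits per character, attached to layer-2 hits
// for triage. Machine-generated secrets usually score well above 3.
function shannonEntropy(s) {
  const counts = new Map();
  for (const c of s) counts.set(c, (counts.get(c) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) {
    const p = n / s.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Never echo a secret back out in a report; keep a short prefix for triage.
const redact = (v) => `${v.slice(0, 4)}…(${v.length} chars)`;

// Scan an array of source lines; at most one finding per line, known formats first.
function scanForSecrets(lines) {
  const findings = [];
  lines.forEach((text, i) => {
    for (const { rule, re } of KNOWN_FORMATS) {
      const m = text.match(re);
      if (m) {
        findings.push({ line: i + 1, rule, preview: redact(m[0]), entropy: null });
        return;
      }
    }
    const m = text.match(ASSIGNMENT);
    if (m && !PLACEHOLDER.test(m[2])) {
      findings.push({
        line: i + 1,
        rule: "secret-assignment",
        preview: redact(m[2]),
        entropy: Number(shannonEntropy(m[2]).toFixed(2)),
      });
    }
  });
  return findings;
}

console.log(scanForSecrets(SAMPLE_SOURCE));
```

Lines 4 and 5 are the cases that separate a useful scanner from a noisy one: reading the value from the environment or leaving a template placeholder is exactly what the fix for a leaked secret looks like, so a rule that flags them trains developers to ignore the tool. Rotating the credential is still required when a real one is found; removing it from the latest commit does not remove it from history.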


Common Authentication Implementation Risks And How To Mitigate Them

- James Hickey tl;dr: Data breaches are more common than ever. Ensuring a secure authentication system is critical to your trust with customers. Whether you build or buy your auth solution, this article offers insights into secure practices that can help keep you and your customers safe.

featured in #467


What Is Aleo, The Privacy-First Blockchain?

- Brenner Schlueter tl;dr: Aleo uses zero-knowledge proofs to keep transaction data private while still letting applications verify it, so developers can build online services without exposing user information on-chain. The author presents this as a game-changer for developers.

featured in #460