
Accidental $70k Google Pixel Lock Screen Bypass

- David Schütz tl;dr: "I found a vulnerability affecting seemingly all Google Pixel phones where if you gave me any locked Pixel device, I could give it back to you unlocked. The bug just got fixed in the November 5, 2022 security update. The issue allowed an attacker with physical access to bypass the lock screen protections (fingerprint, PIN, etc.) and gain access to the user’s device."

featured in #367


How Passwordless Works

- Alan Parra tl;dr: This blog post by Teleport explains how passwordless can be implemented using modern technologies such as WebAuthn, while at the same time providing a better user experience and security than the traditional password-based approach.

featured in #366


Without Prep, Even The Most Scalable And Reliable Developer Tools Can Be Hit With Outages

tl;dr: Get actionable tactics from the experts who built incident response frameworks for Snyk, PagerDuty, New Relic, Netflix, Chef, and Amazon at the DevGuild: Incident Response conference on Nov 15-17. Avoid costly outages - secure your free ticket.

featured in #365


How To Prevent Secrets From Ending Up On Developer's Machines

- Ryan Blunden tl;dr: Even with environment variable storage offered by modern hosting platforms and secrets managers provided by every cloud, developers' machines are still littered with secrets in unencrypted text files because local development was left out of the picture. Learn how to prevent secrets from ending up on developers' machines.

featured in #357


How Passwordless Works

- Alan Parra tl;dr: This blog post by Teleport explains how passwordless can be implemented using modern technologies such as WebAuthn, while at the same time providing a better user experience and security than the traditional password-based approach.

featured in #354


A Few Thoughts About Uber's Breach

tl;dr: "Allegedly, an 18-year-old spammed an employee with 2FA via push notifications on an employee with a known password. They got into the VPN and scanned for servers, found a file share without any access controls, and a script that could access break-the-glass credentials. With the highest level of credentials available, they then got effective root access to Slack, AWS, Google Suite, and Active Directory at Uber."

featured in #353


Compliance Simplified: Demystifying Risk Assessment

tl;dr: An information security ("InfoSec") risk assessment is not only a security best practice but also necessary to meet the requirements of the ISO 27001, SOC 2, PCI DSS, and HIPAA compliance standards. Learn more from cybersecurity and data privacy expert Matt Cooper in this short video!

featured in #352


The SOC 2 Compliance Checklist

tl;dr: Ready to simplify the time-consuming, tedious process of proving compliance — starting with industry fave SOC 2? Here’s a free SOC 2 compliance checklist from Vanta, the leading automated security and compliance platform. Attend a demo, and lunch is on Vanta.

featured in #350


Why Automation Is Crucial For Security And Compliance

tl;dr: "Good security not only minimizes downside, but also enables faster growth. Learn how an automated security and compliance platform improves security posture, stands up to security audits, and can get you compliant in just weeks."

featured in #347


How To Prevent Secrets From Ending Up On Developer's Machines

- Ryan Blunden tl;dr: Even with environment variable storage offered by modern hosting platforms and secrets managers provided by every cloud, developers' machines are still littered with secrets in unencrypted text files because local development was left out of the picture. Learn how to prevent secrets from ending up on developers' machines.

featured in #345