AutoSpill the beans: not THAT big a deal

from blog Recyclebin.zip, | ↗ original
Research can be interesting, useful for risk management purposes, helpful to those building software and even entertaining. Sometimes, the usefulness of research is undone by the public discourse on a security issue. In the last few weeks, you’ve heard of “AutoSpill”, a vulnerability affecting multiple password managers on Android. I’ve heard...
This is a short summary. ↗ Open original to view full content

Related

Ichthyology: Phishing as a Science
karla.io | original ↗
Biosecurity Culture, Computer Security Culture
Jeff Kaufman's Writing | original ↗
Security First: Best Practices for Effectively Securing your Applications
J. Pereira | original ↗
How Not To Run A Vulnerability Disclosure Program
Jeffrey Paul | original ↗
Security means securing people where they are
ENOSUCHBLOG | original ↗
Intro to Privacy, Security and Anonymity
The Blog of Random | original ↗
Security.txt in the wild
Gonçalo Valério | original ↗
Notes on Multiple Encryption and Content Filtering
Educated Guesswork | original ↗
Phishing Leaves a DMARC Trail
Brightball Articles | original ↗
The $12,000 Intersection between Clickjacking, XSS, and Denial of Service
Blog | Sam Curry | original ↗

More from Recyclebin.zip

Magic/Tragic Email Links: Don't make them the only option
7 Jan 2025 | original ↗

The term “Magic Links” once meant a futuristic PDA. Nowdays, companies like Auth0 use it to refer to the slightly-magical feat of including a login link in an email. Last week, the great website you should subscribe to if you haven’t already (it’s great, when you’re not logged out), 404 Media, posted “We Don’t Want Your Password” in defense of...

The Verge: Subscription and Trackers
3 Dec 2024 | original ↗

The Verge now has a subscription offering. RSS feeds? Great. Fewer ads and trackers? Sounds promising. But how much less annoying is it actually? To find out, I disabled my fortress of ad and tracker blocking (clean browser profile, no extensions, no Little Snitch, VPN-ed into a naked network). Then, I tested a car review across three setups,...

Apple: Let us be Polymacous
21 Nov 2024 | original ↗

Apple’s focus on security and privacy is making them release features that only work on devices on the same iCloud account, which will counterintuitively hurt people’s privacy as they log in to personal iCloud accounts on devices owned by their employers. As the Apple blogosphere is dominated by very good independant writers, this is an issue...

Before Preaching, Stop Punching Yourself
4 Oct 2024 | original ↗

Originally posted on the JupiterOne blog. Some seem to love Cyber Security Awareness Month. Of course, at least as many despise it, because it makes no sense to have intense focus for one month and then forget about it for the other 11. Without saying if I love it or if I hate it, I decided to write a set of rules. If any of this is a problem in...

Managing Apple Intelligence via MDM
25 Sept 2024 | original ↗

This summer, since WWDC, I was repeatedly asked: How do I disable Apple Intelligence on our company laptops? Apple Intelligence didn’t exist yet. Not even in the betas, plus, Apple is pretty strict around betas and NDAs. The features were clearly going to roll out in stages throughout the year, so my answer was always, “Yeah, you’ll probably be...