It wouldn't always be a mistake. Moderna stock is significantly lower than it was in 2021 so the CEO could be harvesting losses.
I've been on hundreds of calls for both and have personally had far more issues with zoom than google. I also prefer Google's UI and security model, and Google's pricing is better for companies using gmail.
Google's advanced security is a good example of an actual implementation of fido2 where they've had to deal with real world threats and device usage. They require multiple fido2 devices (for dealing with the…
Looks exciting! It is kind of disappointing the AI generated main example on their home page has what appears to be a url encoding bug in it though (in text=${text}, text should be url encoded before being passed to…
~1/5 of Apple's Services revenue comes from having google be the default search ($9-10B per year), so I wonder if this new search will coincide with them ramping up their own search ads business…
This seems to predate FIDO2. https://solokeys.com/ would be a better option if you prefer separate keys for each site (via FIDO2) and open source hardware.
I agree that short term providers will likely take in less money with a "Medicare for all" solution, but I think the problem presented by this blog post is overstated/misrepresented: 1) The "Over 65" demographic visits…
ITP 2.1 also already says it will block cookies of this type if it matches Safari's completely non-transparent ML model for "tracking cookies". Also Chrome pushed back the release date of this new default from end of…
Do economic experts still think trickle down/supply side economics are a good idea? It seemed to be a controversial issue among economists in the 70s and 80s. From what I could find, the modern consensus among…
It's a bit disappointing their demo doesn't appear to leverage certificate transparency logs as a source of truth for which certs are out there and instead relies on pinging the server directly
In the technical details, he has a link to the open source on github. Here's the js that's actually doing the preloading: https://github.com/instantpage/instant.page/blob/master/inst...
Prepared statements tend to be the best answer for most cases which is similar to the approach you describe but is natively supported by most SQL dialects and also improves performance. In my experience, many developers…
Seems like a bit of an oversight that they are including third party tracking scripts like googletagmanager.com in the same context as the javascript doing encryption. If you need user tracking, at least put the…
The "generic NFC" support you refer to is read only which means that protocols like U2F still don't work so usability of U2F for iPhone users is still not there (without bluetooth keys which have their own problems).
No this is an issue with Newegg. They had the option to either "Begin collecting sales tax from Connecticut customers going forward and send that money to the state, or turn over the records." They chose to give their…
Do you have any more details around such an attack? The only HSTS bypasses I am aware of that were possible with control over DNS were dependent on browser vulnerabilities that have been long since fixed or required the…
Android: https://source.android.com/security/
Chrome is listed as impacted due to javascript being able to read memory from outside the browser sandbox. "In addition to violating process isolation boundaries using native code, Spectre attacks can also be used to…
Some interesting arguments suggesting what he is saying is at least partially wrong: https://www.reddit.com/r/AskHistorians/comments/74penu/walki...
So from reading this over it sounds like you are enabling an endpoint on your site with both CSRF protection enabled that also sends CORS headers to allow for cross origin ajax calls. This could be a workable solution…
As stated in the article, they need to reach 11 billion miles to get the confidence level they are looking for. So extrapolating this, it would take 5500 cars a decade of round the clock testing to actually meet the…
One thing that is kind of unique about this vulnerability is that users can actually prevent attacks from happening by checking the permissions on an untrustworthy app because google has permissions controls built in…
It wouldn't always be a mistake. Moderna stock is significantly lower than it was in 2021 so the CEO could be harvesting losses.
I've been on hundreds of calls for both and have personally had far more issues with zoom than google. I also prefer Google's UI and security model, and Google's pricing is better for companies using gmail.
Google's advanced security is a good example of an actual implementation of fido2 where they've had to deal with real world threats and device usage. They require multiple fido2 devices (for dealing with the…
Looks exciting! It is kind of disappointing the AI generated main example on their home page has what appears to be a url encoding bug in it though (in text=${text}, text should be url encoded before being passed to…
~1/5 of Apple's Services revenue comes from having google be the default search ($9-10B per year), so I wonder if this new search will coincide with them ramping up their own search ads business…
This seems to predate FIDO2. https://solokeys.com/ would be a better option if you prefer separate keys for each site (via FIDO2) and open source hardware.
I agree that short term providers will likely take in less money with a "Medicare for all" solution, but I think the problem presented by this blog post is overstated/misrepresented: 1) The "Over 65" demographic visits…
ITP 2.1 also already says it will block cookies of this type if it matches Safari's completely non-transparent ML model for "tracking cookies". Also Chrome pushed back the release date of this new default from end of…
Do economic experts still think trickle down/supply side economics are a good idea? It seemed to be a controversial issue among economists in the 70s and 80s. From what I could find, the modern consensus among…
It's a bit disappointing their demo doesn't appear to leverage certificate transparency logs as a source of truth for which certs are out there and instead relies on pinging the server directly
In the technical details, he has a link to the open source on github. Here's the js that's actually doing the preloading: https://github.com/instantpage/instant.page/blob/master/inst...
Prepared statements tend to be the best answer for most cases which is similar to the approach you describe but is natively supported by most SQL dialects and also improves performance. In my experience, many developers…
Seems like a bit of an oversight that they are including third party tracking scripts like googletagmanager.com in the same context as the javascript doing encryption. If you need user tracking, at least put the…
The "generic NFC" support you refer to is read only which means that protocols like U2F still don't work so usability of U2F for iPhone users is still not there (without bluetooth keys which have their own problems).
No this is an issue with Newegg. They had the option to either "Begin collecting sales tax from Connecticut customers going forward and send that money to the state, or turn over the records." They chose to give their…
Do you have any more details around such an attack? The only HSTS bypasses I am aware of that were possible with control over DNS were dependent on browser vulnerabilities that have been long since fixed or required the…
Android: https://source.android.com/security/
Chrome is listed as impacted due to javascript being able to read memory from outside the browser sandbox. "In addition to violating process isolation boundaries using native code, Spectre attacks can also be used to…
Some interesting arguments suggesting what he is saying is at least partially wrong: https://www.reddit.com/r/AskHistorians/comments/74penu/walki...
So from reading this over it sounds like you are enabling an endpoint on your site with both CSRF protection enabled that also sends CORS headers to allow for cross origin ajax calls. This could be a workable solution…
As stated in the article, they need to reach 11 billion miles to get the confidence level they are looking for. So extrapolating this, it would take 5500 cars a decade of round the clock testing to actually meet the…
One thing that is kind of unique about this vulnerability is that users can actually prevent attacks from happening by checking the permissions on an untrustworthy app because google has permissions controls built in…