With the recent (or not so recent) attacks on Twitter, VK and LinkedIn and the password lists leaked from them, it has also become clear that many people reuse the same password across different services. On Tuesday, someone used those password lists to sign in to GitHub. Is this a reason for apps to provide or promote two-factor authentication?
Ah, and here are this week’s articles worth reading:
Rails 5 changes protect_from_forgery execution order
Self-Destructing Cookies
Another safe-browsing add-on to delete all cookies when you close a tab in Firefox.
Should you use Ruby’s SecureRandom?
There is an ongoing discussion about the security of Ruby’s SecureRandom module. Some researchers now recommend using a different gem instead.
Ruby authentication: Secure your Rack application with JWT
Hack: XSS via a Facebook page name
A reminder that XSS really can happen anywhere.
HelpSpot Vault
A service for sending encrypted messages that expire.
PS: This newsletter grows only by word of mouth. If you think someone could be interested in it, please use the sharing (Twitter, E-Mail) below. Thank you!