PUBLIC MARKS with tag security

February 2018

Validating Leaked Passwords with k-Anonymity

by srcmax
Today, v2 of Pwned Passwords was released as part of the Have I Been Pwned service offered by Troy Hunt. Containing over half a billion real world leaked passwords, this database provides a vital tool for correcting the course of how the industry combats modern threats against password security.

December 2017

by dzc
a linting tool for the web: accessibility, speed, security, and more (best practices and common errors)

November 2017

FIR - ABOUT:CONFIG - Overview of Firefox's about:config security and privacy preferences | gHacks Technology News

by decembre
- dom.allow_scripts_to_close_windows: Defines whether scripts can close windows in the browser. True: Scripts may close any window. False: Scripts may only close windows opened by scripts. (default)
- dom.disable_image_src_set: Determines whether JavaScript is allowed to manipulate images displayed in the browser. True: Scripts are allowed to change images. False: Scripts are not allowed. (default)
- dom.event.clipboardevents.enabled: Determines whether websites are allowed to access clipboard contents (check out: Block websites from reading or modifying Clipboard contents in Firefox for additional information). True: Websites may read or modify clipboard events. (default) False: Blocks access.
- dom.event.contextmenu.enabled: Determines whether websites are allowed to block access to the right-click context menu. True: Websites may manipulate the context menu. (default) False: Web pages won't be allowed to manipulate or block the context menu.
- dom.popup_allowed_events: Defines the JavaScript events that are allowed to create popup windows. Default: change click dblclick mouseup reset submit touchend
- Determines if location aware browsing is enabled. True: Location Aware browsing is enabled. (default) False: The feature is disabled, which means that you won't get prompts on websites using it.
- geo.wifi.uri: The data provider used to power Firefox's geolocation feature. (Check out how to switch to a Mozilla operated service.)
- network.http.referer.XOriginPolicy: Defines when to set the referrer (the page a visit originated from). 0: Never send it. 1: Only send if the base domain matches. 2: Only send if hosts match.
- plugin.state.flash: The default state of the Flash plugin. See How to make sure Firefox plugins never activate again for more information. 0: Turns off the Flash plugin in Firefox. 1: Sets the Flash plugin to ask to activate. 2: Enables the Flash plugin.

FIR 57> - CSP - ABOUT CONFIG - How to enable Firefox WebExtensions on Mozilla websites - Mozilla Firefox 57 - privacy.resistFingerprinting.block_mozAddonManager - TRUE - - FORUM

by decembre
How to enable Firefox WebExtensions on Mozilla websites:
- Load about:config in the Firefox web browser.
- You can run a search for it just to make sure it does not exist: privacy.resistFingerprinting.block_mozAddonManager. It does not in the most recent Firefox Nightly builds at the time of writing.
- Right-click in the part of the window that lists the preferences, and select New > Boolean from the context menu.
- Name the new Boolean value: privacy.resistFingerprinting.block_mozAddonManager.
- Set its value to true.

Let them paste passwords - NCSC Site

by Spone
We think that stopping password pasting (or SPP) is a bad thing that reduces security. We think customers should be allowed to paste their passwords into forms, and that it improves security.

Things to Use Instead of JWT | Kevin Burke

by Spone
You might have heard that you shouldn't be using JWT. That advice is correct - you really shouldn't use it. In general, specifications that allow the attacker to choose the algorithm for negotiation have more problems than ones that don't (see TLS). N libraries need to implement M different encryption and decryption algorithms, and an attacker only needs to find a vulnerability in one of them, or a vulnerability in their combination. JWT has seen both of these errors; unlike TLS, it hasn't already been deployed onto billions of devices around the world.

April 2017

VersionEye - Notification System for Software Packages

by dzc
notifies you about security vulnerabilities, license violations and out-dated dependencies in your Git repositories. Free : 1 private and 4 Open Source Projects

March 2017

Privacy Tools

by wabaus & 2 others
Tools for privacy on devices & across the Internet.

January 2017

The Right Path to Responsible Disclosure, by YesWeHack

by srcmax
In constant contact with its community of security researchers, YesWeHack can testify that it is complex for a security researcher, and therefore for a whistleblower, to report security flaws in a responsible way to impacted organisations. Especially if those organisations do not have a Bug Bounty program registered on
