Tux Machines
Posted by Roy Schestowitz on Sep 24, 2022
> This is an opinionated, “quick-start” guide to using passkeys as a web developer. It’s hopefully broadly applicable, but one size will never fit all authentication needs and this guide ignores everything that’s optional. So take it as a worked example, but not as gospel.
> It doesn't use any WebAuthn libraries, it just assumes that you have access to functions for verifying signatures. That mightn't be optimal—maybe finding a good library is a better idea—but passkeys aren't so complex that it's unreasonable for people to know what's going on.
> Jit, a startup programming security company, dreams of being a top security power. To help make those dreams a reality, Jit recently hired Simon Bennetts, the founder of the world's most popular web app security scanner, Open Web Application Security Project (OWASP) Zed Attack Proxy (ZAP).
> CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.
> A second lot of data claimed to be from Optus has been advertised for sale on a Web forum, with 100 sample records being linked to as proof that it is genuine.
> Emsisoft security researcher Brett Callow pointed out in a tweet that the account stated, "No sale will be made for 1 week until Optus reply".
> He said this implied it could be a case of attempted extortion. iTWire has sought a reaction from Optus about this. The Optus breach was made public on Thursday.