Pinboard (wck)
https://pinboard.in/u:wck/public/
recent bookmarks from wck

Why CISOs need to adapt their mental models of security for cloud | Google Cloud Blog
2022-08-30T18:29:37+00:00
https://cloud.google.com/blog/products/identity-security/why-cisos-need-to-adapt-their-mental-models-of-security-for-cloud
Tags (wck): cloud Security
Pinboard: https://pinboard.in/u:wck/b:055178be5c13/

Node.js prototype pollution is bad for app environment • The Register
2022-07-25T22:37:00+00:00
https://www.theregister.com/2022/07/25/nodejs_prototype_pollution/
Tags (wck): node security prototype_pollution
Pinboard: https://pinboard.in/u:wck/b:6257442bd089/

Yet Another Perspective on Prototype Pollution | Veracode
2022-07-25T22:36:55+00:00
https://www.veracode.com/blog/secure-development/yet-another-perspective-prototype-pollution
Tags (wck): node security prototype_pollution
Pinboard: https://pinboard.in/u:wck/b:1c7929cd8b3f/

Wiz Blog | Securing AWS Lambda function URLs
2022-05-28T01:11:13+00:00
https://www.wiz.io/blog/securing-aws-lambda-function-urls/?ck_subscriber_id=512837865
Tags (wck): lambda aws Security secure_development
Pinboard: https://pinboard.in/u:wck/b:5ba1dd0630da/

Device and Data Access when Personal Safety is At Risk
2021-05-23T19:21:49+00:00
https://manuals.info.apple.com/MANUALS/1000/MA1976/en_US/device-and-data-access-when-personal-safety-is-at-risk.pdf
Tags (wck): ios apple security paper domestic_violence communications_security
Pinboard: https://pinboard.in/u:wck/b:9148e675af46/

Filippo Valsorda 💚🤍❤️ ✊ on Twitter: "These checklists from Apple are gold. If you want to see if anyone else has access to your device or accounts: https://t.co/TaqbpMt672 If you want to stop sharing: https://t.co/OH83DaplUH If you want to mak
2021-02-20T16:21:47+00:00
https://twitter.com/FiloSottile/status/1363158595622297604
Tags (wck): apple ios Security location
Pinboard: https://pinboard.in/u:wck/b:03a59dea05f2/

Shifting Cloud Security Left — Scanning Infrastructure as Code for Security Issues
2020-12-21T21:41:25+00:00
https://blog.christophetd.fr/shifting-cloud-security-left-scanning-infrastructure-as-code-for-security-issues/
Tags (wck): terraform aws security scanning misconfigurations
Pinboard: https://pinboard.in/u:wck/b:e4cd6dec250f/

Google - Site Reliability Engineering
2020-04-08T19:15:34+00:00
https://landing.google.com/sre/books/
Tags (wck): book sre Security
Pinboard: https://pinboard.in/u:wck/b:14f1debd3c00/

Videoconferencing Comparison on Features, Privacy, Security
2020-04-02T17:08:48+00:00
https://docs.google.com/spreadsheets/d/1XNB1HvyXRmWH-ReTIpoluCtmO7hovDRWJB3JyicqEc4/edit#gid=0
Tags (wck): videoconferencing zoom Privacy Security
Pinboard: https://pinboard.in/u:wck/b:6b5884abb580/

Cybersecurity Law, Policy, and Institutions (version 3.0) by Robert Chesney :: SSRN
2020-03-02T14:47:17+00:00
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3547103
Tags (wck): legal_tech cybersecurity information security infosec CFAA FTC Act sanctions CYBERCOM NSA FBI hackback Network Investigative Techniques deterrence cyberdeterrence CISA information-sharing
Pinboard: https://pinboard.in/u:wck/b:968628b588ba/

Security4Startups - Control checklist
2019-11-01T15:03:46+00:00
https://www.security4startups.com/controls-checklist
Tags (wck): startups security startup_pack controls checklist
Pinboard: https://pinboard.in/u:wck/b:8769f40e1a32/

Mr. Robot Uses ProtonMail, But It Still Isn't Fully Secure | WIRED
2019-09-09T13:45:15+00:00
https://www.wired.com/2015/10/mr-robot-uses-protonmail-still-isnt-fully-secure/
Tags (wck): Security protonmail
Pinboard: https://pinboard.in/u:wck/b:7a00b137b48e/

ChromeOS/README.md at master · rootsecdev/ChromeOS · GitHub
2019-08-19T16:28:16+00:00
https://github.com/rootsecdev/ChromeOS/blob/master/README.md
Tags (wck): chromebook chrome security settings
Pinboard: https://pinboard.in/u:wck/b:d6e33b735883/

Introducing LambdaGuard — a security scanner for AWS Lambda
2019-06-05T18:20:12+00:00
https://medium.com/@SkyscannerEng/introducing-lambdaguard-a-security-scanner-for-aws-lambda-f5c6e23f8345
Tags (wck): lamda aws security scanner
Pinboard: https://pinboard.in/u:wck/b:c485b1fa9ff6/

AWS Risk Model
2019-04-15T22:16:22+00:00
https://magoo.github.io/model-risk-aws/
Tags (wck): aws risk InfoSec assessment model Security
Pinboard: https://pinboard.in/u:wck/b:8243910a4810/

D-Link Camera Poses Data Security Risk, Consumer Reports Finds - Consumer Reports
2018-10-31T04:55:59+00:00
https://www.consumerreports.org/privacy/d-link-camera-poses-data-security-risk--consumer-reports-finds/
Tags (wck): consumer_reports digital_standard privacy security iot
Pinboard: https://pinboard.in/u:wck/b:12cfb720edc1/

T-Mobile Open Source
2018-10-10T21:28:39+00:00
https://opensource.t-mobile.com/blog/posts/introducing-pacbot/
Tags (wck): continuous security compliance assessment cloud infosec policy
Pinboard: https://pinboard.in/u:wck/b:82a585c2ed3e/

Security Onion
2018-09-30T18:20:27+00:00
https://securityonion.net/
Tags (wck): network ids security Linux
Pinboard: https://pinboard.in/u:wck/b:a66e59b2b745/

Beyond S3: Exposed Resources on AWS | Duo Security
2018-05-18T22:42:49+00:00
https://duo.com/blog/beyond-s3-exposed-resources-on-aws
Tags (wck): aws security s3 InfoSec
Pinboard: https://pinboard.in/u:wck/b:f8b44c558355/

Moving Fast and Securing Things – Several People Are Coding
2018-05-04T14:08:34+00:00
https://slack.engineering/moving-fast-and-securing-things-540e6c5ae58a
Tags (wck): security sdlc secure_development slack
Pinboard: https://pinboard.in/u:wck/b:d45c966707cf/

Continuous Delivery Sounds Great, but Will It Work Here? - ACM Queue
2018-03-11T17:00:58+00:00
https://queue.acm.org/detail.cfm?id=3190610
Tags (wck): continuous_deployment Security InfoSec
Pinboard: https://pinboard.in/u:wck/b:547e6741d100/

Andrew R. Whalley on Twitter: "Apple has updated their iOS Security guide for the latest iOS 11. Here's a rough diff against the iOS 10 version: https://t.co/RlKPENAfoS"
2018-01-13T02:45:31+00:00
https://twitter.com/arw/status/951628965097062405?ref_src=twcamp%5Eshare%7Ctwsrc%5Eios%7Ctwgr%5Ecom.pushbullet.client.Pushbullet-Share
Tags (wck): apple ios Security InfoSec
Pinboard: https://pinboard.in/u:wck/b:288073a9de4c/

iOS 11 has a ‘cop button’ to temporarily disable Touch ID | The Verge
2017-08-18T02:14:03+00:00
https://www.theverge.com/platform/amp/2017/8/17/16161758/ios-11-touch-id-disable-emergency-services-lock
Tags (wck): border ios touch_id unlock phone mobile security mobile_security
Pinboard: https://pinboard.in/u:wck/b:597bab94985a/

My $169 development Chromebook
2017-07-27T15:05:25+00:00
https://blog.lessonslearned.org/building-a-more-secure-development-chromebook/
Tags (wck): chromebook development security
Pinboard: https://pinboard.in/u:wck/b:e6939cadc965/

Introduction to Auditing the Use of AWS
2017-07-03T18:26:17+00:00
https://d0.awsstatic.com/whitepapers/compliance/AWS_Auditing_Security_Checklist.pdf
Tags (wck): aws security compliance audit
Pinboard: https://pinboard.in/u:wck/b:7723aa96cd7f/

Multics B2 Security Evaluation
2017-05-26T20:47:16+00:00
http://multicians.org/b2.html
Tags (wck): multics security computer_security
Pinboard: https://pinboard.in/u:wck/b:ff9956147b55/

New York AG Settles with Wireless Lock Maker Over Security Flaws : : Privacy & Information Security Law Blog
2017-05-25T14:27:54+00:00
https://www.huntonprivacyblog.com/2017/05/23/new-york-ag-settles-wireless-lock-maker-security-flaws/
Tags (wck): bluetooth lock iot computer_security state_ags Security software_product_liability
Pinboard: https://pinboard.in/u:wck/b:cb9229adbb2a/

CIS Controls
2017-05-24T01:02:48+00:00
https://www.cisecurity.org/controls/
Tags (wck): cis security controls computer_security
Pinboard: https://pinboard.in/u:wck/b:561ed576c288/

CIS SecureSuite
2017-02-22T12:21:38+00:00
https://benchmarks.cisecurity.org/
Tags (wck): mac macosx Security computer_security
Pinboard: https://pinboard.in/u:wck/b:542af2d2b820/

HolisticInfoSec: The DFIR Hierarchy of Needs & Critical Security Controls
2017-01-01T04:22:55+00:00
http://holisticinfosec.blogspot.com/2016/12/the-dfir-hierarchy-of-needs-critical.html
Tags (wck): dfir Security cybersecurity controls
Pinboard: https://pinboard.in/u:wck/b:60bf14adf777/

This startup offers a vendor-risk management solution
2016-08-09T17:49:10+00:00
https://iapp.org/news/a/this-startup-offers-a-vendor-risk-management-solution/
Tags (wck): vendor third_party Security liability iapp
Pinboard: https://pinboard.in/u:wck/b:556ae0554f8b/

Demystifying the Secure Enclave Processor
2016-08-06T14:55:41+00:00
https://www.blackhat.com/docs/us-16/materials/us-16-Mandt-Demystifying-The-Secure-Enclave-Processor.pdf
Tags (wck): ios apple security slides blackhat
Pinboard: https://pinboard.in/u:wck/b:b20fafcc3684/

Getting Into Security Engineering
2016-07-28T18:53:15+00:00
https://noncombatant.org/2016/06/20/get-into-security-engineering/
Tags (wck): Security computer_security
Pinboard: https://pinboard.in/u:wck/b:1da901de43e2/

Analog Malicious Hardware - IEEE
2016-05-25T00:23:05+00:00
http://ieee-security.org/TC/SP2016/papers/0824a018.pdf
Tags (wck): ieee hardware chips backdoor security trojan
Pinboard: https://pinboard.in/u:wck/b:c12c036db9f3/

Data Matters Essentially Equivalent: A Comparison of the Legal Orders for Privacy and Data Protection in the European Union and United States - Data Matters
2016-02-19T12:08:36+00:00
http://datamatters.sidley.com/essentially-equivalent-a-comparison-of-the-legal-orders-for-privacy-and-data-protection-in-the-european-union-and-united-states/
Tags (wck): BINDING CORPORATE RULES/BCR ENFORCEMENT EUROPEAN UNION GENERAL MODEL CONTRACTS NATIONAL SECURITY SAFE HARBOR SURVEILLANCE
Pinboard: https://pinboard.in/u:wck/b:30183cffbe7d/

Security, Wiretapping, and the Internet
2016-02-19T03:00:08+00:00
http://privacyink.org/pdf/SWatI.pdf
Tags (wck): calea network security telecom wiretap
Pinboard: https://pinboard.in/u:wck/b:ceb59df8fba3/

Anonymization and Risk by Ira Rubinstein, Woodrow Hartzog :: SSRN
2015-12-26T16:16:42+00:00
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2646185
Tags (wck): Privacy anonymization deidentification data release risk security open
Pinboard: https://pinboard.in/u:wck/b:3a3414902f63/

This is why companies are afraid of bug bounties - Security Research - Bugcrowd Forum
2015-11-25T12:57:16+00:00
https://forum.bugcrowd.com/t/this-is-why-companies-are-afraid-of-bug-bounties/813/15
Tags (wck): bug_bounty vulnerability_disclosure Security
Pinboard: https://pinboard.in/u:wck/b:f4f268213fa1/

Keys under doormats: mandating insecurity by requiring government access to all data and communications | Journal of Cybersecurity
2015-11-21T02:04:55+00:00
http://cybersecurity.oxfordjournals.org/content/early/2015/11/17/cybsec.tyv009.full?ijkey=mjwJomF75oqYdwm&keytype=ref
Tags (wck): crypto encryption backdoor Security
Pinboard: https://pinboard.in/u:wck/b:53ae6f1e78e0/

Top-ranked Advertising Network Leads to Exploit Kit « Threat Research | FireEye Inc
2015-11-15T17:27:11+00:00
https://www.fireeye.com/blog/threat-research/2015/11/top-ranked_advertisi.html
Tags (wck): malvertising Security
Pinboard: https://pinboard.in/u:wck/b:45d00eca18a5/

Common WordPress Malware Infections — Smashing WordPress
2015-11-13T03:16:50+00:00
http://www.smashingmagazine.com/2012/10/four-malware-infections-wordpress/
Tags (wck): wordpress vulnerabilities Security
Pinboard: https://pinboard.in/u:wck/b:69382fedfe23/

Cybersecurity and Corporate Liability | Veracode
2015-11-07T01:53:20+00:00
http://www.veracode.com/blog/2015/11/cybersecurity-and-corporate-liability
Tags (wck): data_breach vicarious_liability Security liability
Pinboard: https://pinboard.in/u:wck/b:406280093973/

#792580 - chromium: Chromium calls home even in incognito mode with safe browsing turned off - Debian Bug report logs
2015-10-26T18:35:45+00:00
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792580
Tags (wck): Chrome Security
Pinboard: https://pinboard.in/u:wck/b:c62b001f05cb/

FBI — CJIS Security Policy Resource Center
2015-10-16T19:42:06+00:00
https://www.fbi.gov/about-us/cjis/cjis-security-policy-resource-center/view
Tags (wck): fbi Security standards
Pinboard: https://pinboard.in/u:wck/b:8063f812665c/

Why is Android security so bad: Google-funded research explains | BGR
2015-10-14T01:00:26+00:00
http://bgr.com/2015/10/13/why-is-android-security-so-bad/
Tags (wck): Android android_updates Security stagefright
Pinboard: https://pinboard.in/u:wck/b:85ae478f831a/

87% of Android devices insecure because manufacturers fail to provide security updates | Light Blue Touchpaper
2015-10-09T01:54:20+00:00
https://www.lightbluetouchpaper.org/2015/10/08/87-of-android-devices-insecure-because-manufacturers-fail-to-provide-security-updates/
Tags (wck): android stagefright malware Security
Pinboard: https://pinboard.in/u:wck/b:cb722a7cbf32/

Malware With Your News? Forbes Website Victim of Malvertising Attack « Threat Research | FireEye Inc
2015-10-07T11:21:02+00:00
https://www.fireeye.com/blog/threat-research/2015/09/malvertising_attack.html
Tags (wck): malware malvertising adserved_malware Security
Pinboard: https://pinboard.in/u:wck/b:e3280fd70a8a/

WordPress Malware - Active VisitorTracker Campaign - Sucuri Blog
2015-10-01T11:28:01+00:00
https://blog.sucuri.net/2015/09/wordpress-malware-active-visitortracker-campaign.html
Tags (wck): wordpress malware Security
Pinboard: https://pinboard.in/u:wck/b:6d5ac0c187cb/

Python For Hackers - Insinuator
2015-09-29T22:06:41+00:00
https://www.insinuator.net/2015/09/python-for-hackers/
Tags (wck): python security network programming security_research
Pinboard: https://pinboard.in/u:wck/b:5f10bafadde0/

Stagefright Highlights the Mobility Prisoner's Dilemma | Veracode
2015-09-16T18:27:31+00:00
http://www.veracode.com/blog/2015/09/stagefright-highlights-mobility-prisoners-dilemma-sw
Tags (wck): stagefright Android Security vulnerability patching
Pinboard: https://pinboard.in/u:wck/b:307a7d1dc278/

One Great Reason To Update To iOS 9 - A Nasty Silent AirDrop Attack Is In Town - Forbes
2015-09-16T14:00:02+00:00
http://www.forbes.com/sites/thomasbrewster/2015/09/16/airdrop-ios-vulnerability/
Tags (wck): vulnerabilities Security Apple
Pinboard: https://pinboard.in/u:wck/b:b27a54ec14de/

InfoSec Handlers Diary Blog - The Wordpress Plugins Playground
2015-09-14T17:00:13+00:00
https://isc.sans.edu/diary/The+Wordpress+Plugins+Playground/20147
Tags (wck): wordpress Security security_research third_party
Pinboard: https://pinboard.in/u:wck/b:6083e7f4dc10/

Justice Department lawyers call for CFAA clarification - SC Magazine
2015-09-11T22:36:13+00:00
http://www.scmagazine.com/lawyers-want-more-information-on-the-computer-fraud-and-abuse-act-cfaa/article/437780/
Tags (wck): cfaa Security
Pinboard: https://pinboard.in/u:wck/b:4d2d59da0dfc/

Sending Mixed Signals – What Can Happen in the Course of Vulnerability Disclosure - Insinuator
2015-09-11T18:00:33+00:00
https://www.insinuator.net/2015/09/sending-mixed-signals-what-can-happen-in-the-course-of-vulnerability-disclosure/
Tags (wck): vulnerability_disclosure Security
Pinboard: https://pinboard.in/u:wck/b:4637bde67486/

SecurityFocus
2015-09-11T17:59:35+00:00
http://www.securityfocus.com/blogs/906
Tags (wck): vulnerability_disclosure Security
Pinboard: https://pinboard.in/u:wck/b:1457f5eecbe1/

FireEye 44Con injunction
2015-09-10T20:55:18+00:00
http://www.forbes.com/sites/thomasbrewster/2015/09/10/fireeye-slammed-over-injunction/
Tags (wck): vulnerability_disclosure Security
Pinboard: https://pinboard.in/u:wck/b:508d93445f0d/

Heartbleed disclosure timeline: who knew what and when
2015-09-10T20:51:59+00:00
http://www.theage.com.au/it-pro/security-it/heartbleed-disclosure-timeline-who-knew-what-and-when-20140414-zqurk
Tags (wck): security disclosure coordination Open_Source heartbleed
Pinboard: https://pinboard.in/u:wck/b:2ad37b3f177e/

Netflix Sleepy Puppy XSS flaw detection tool goes open source | ZDNet
2015-09-04T12:20:51+00:00
http://www.zdnet.com/article/netflix-sleepy-puppy-xss-flaw-detection-tool-goes-open-source/
Tags (wck): xss security_research Security webappsec fuzzer netflix
Pinboard: https://pinboard.in/u:wck/b:138e9d4ed98f/

The Matasano Crypto Challenges
2015-08-29T18:51:15+00:00
http://cryptopals.com/
Tags (wck): crypto learning Matasano Security Privacy crypto_challenges
Pinboard: https://pinboard.in/u:wck/b:a54888a36586/

HowTo: Privacy & Security Conscious Browsing
2015-08-26T10:59:30+00:00
https://gist.github.com/atcuno/3425484ac5cce5298932
Tags (wck): Privacy Security
Pinboard: https://pinboard.in/u:wck/b:1a05981e99fe/

CrowdShield Bug Bounty Disclosure Programs | Blog
2015-08-18T11:24:23+00:00
https://crowdshield.com/blog.php?name=reverse-engineering-a-critical-wordpress-0day-exploit
Tags (wck): wordpress security webappsec
Pinboard: https://pinboard.in/u:wck/b:aa8f9f4caf88/

Automated Malware Analysis - Cuckoo Sandbox
2015-08-08T13:54:07+00:00
http://www.cuckoosandbox.org/
Tags (wck): malware testing Security security_research
Pinboard: https://pinboard.in/u:wck/b:0512f4e65550/

US Contractors Scale Up Search for Heartbleed-Like Flaws - Bloomberg Business
2015-08-08T13:37:10+00:00
http://www.bloomberg.com/news/articles/2014-05-02/us-contractors-scale-up-search-for-heartbleed-like-flaws
Tags (wck): zero_day disclosure security_research Security
Pinboard: https://pinboard.in/u:wck/b:6cbb8dc7b5fe/

The rise of the new Crypto War
2015-07-26T16:21:16+00:00
http://www.dailydot.com/politics/encryption-crypto-war-james-comey-fbi-privacy/
Tags (wck): encryption calea Privacy backdoor Security
Pinboard: https://pinboard.in/u:wck/b:fdfa1ad9004c/

Michael Chertoff Makes the Case against Back Doors | emptywheel
2015-07-26T16:16:34+00:00
https://www.emptywheel.net/2015/07/26/michael-chertoff-makes-the-case-against-back-doors/
Tags (wck): nsa backdoor crypto Security Privacy
Pinboard: https://pinboard.in/u:wck/b:576f521222f8/

How to Harden Your Google Apps – Trail of Bits Blog
2015-07-16T10:53:11+00:00
http://blog.trailofbits.com/2015/07/07/how-to-harden-your-google-apps/
Tags (wck): google apps security settings
Pinboard: https://pinboard.in/u:wck/b:fedaad574b5b/

Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win. - Defender Mindset - Site Home - TechNet Blogs
2015-07-14T17:35:49+00:00
http://blogs.technet.com/b/johnla/archive/2015/04/26/defenders-think-in-lists-attackers-think-in-graphs-as-long-as-this-is-true-attackers-win.aspx
Tags (wck): Security InfoSec
Pinboard: https://pinboard.in/u:wck/b:99ad1d99ab38/

What Happened At OPM? | Emergent Chaos
2015-07-10T23:19:15+00:00
http://emergentchaos.com/archives/2015/07/what-happened-at-opm.html
Tags (wck): opm five_whys data_breach Security
Pinboard: https://pinboard.in/u:wck/b:4dccb4ba9e89/

Issue 325 - google-security-research - Windows: DCOM DCE/RPC Local NTLM Reflection Elevation of Privilege - Google Security Research - Google Project Hosting
2015-07-09T10:52:36+00:00
https://code.google.com/p/google-security-research/issues/detail?id=325
Tags (wck): google msft project_zero disclosure Security
Pinboard: https://pinboard.in/u:wck/b:0be0ed0add59/

Law Across the Wire and Into the Cloud FTC Expands Education Efforts on Business Security Practices - Law Across the Wire and Into the Cloud
2015-07-07T13:42:06+00:00
http://blog.zwillgen.com/2015/07/02/ftc-expands-education-efforts-on-business-security-practices/
Tags (wck): ftc data_protection data_security Privacy Security
Pinboard: https://pinboard.in/u:wck/b:7acf4ac5ce0e/