Hacker News
- Google Details Tools of Commercial Spyware Vendor Variston https://duo.com/decipher/google-exposes-heliconia-exploit-framework-targeting-chrome-firefox-windows 9 comments
- Dan Kaminsky once found a flaw in DNS that would have destroyed the internet https://duo.com/blog/the-great-dns-vulnerability-of-2008-by-dan-kaminsky 3 comments
- New DNS Abuse Institute Tackles Malicious Activity https://duo.com/decipher/new-dns-abuse-institute-tackles-malicious-activity 4 comments
- Finding Radio Frequency Side Channels https://duo.com/labs/research/finding-radio-sidechannels 17 comments
- Secure Boot in the Era of the T2 https://duo.com/labs/research/secure-boot-in-the-era-of-the-t2 96 comments
- Manual chip decapsulation [video] https://duo.com/decipher/dont-try-this-at-home-chip-decapsulation 31 comments
- North Korean Attackers TA444 Shift Tactics https://duo.com/decipher/north-korean-attackers-ta444-shift-tactics 9 comments cryptocurrency
- How to make VMWare Remote Console Work Through NGINX Reverse Proxy? https://duo.com/docs/dng 6 comments sysadmin
- RDP without VPN https://duo.com 53 comments sysadmin
- MFA on privileged accounts? https://duo.com/docs/rdp 29 comments sysadmin
- Duo PAM still depends on libssl 1.0.0? https://duo.com/docs/duounix 22 comments sysadmin
- U.S. Forms Cryptocurrency Enforcement Team to Disrupt Ransomware Payments https://duo.com/decipher/u-s-forms-cryptocurrency-enforcement-team-to-disrupt-ransomware-payments 10 comments cryptocurrency
- Mozilla Rally Wants to Give Users Back Control of Their Personal Data https://duo.com/decipher/mozilla-rally-aims-to-give-control-of-personal-data-back-to-users 3 comments privacy
- Turning a Radeon GPU's shader clock in to a tunable radio transmitter that can jump through walls & get picked up 50ft away https://duo.com/labs/research/finding-radio-sidechannels 36 comments netsec
- [Tutorial] Protect your services/sites with a Two-Factor Authentication Reverse Proxy (for free up to 10 users) https://duo.com/docs/dng 28 comments selfhosted
- How to Monitor GitHub for Secrets https://duo.com/labs/research/how-to-monitor-github-for-secrets 26 comments netsec
- How Security Keys Store Credentials https://duo.com/labs/tech-notes/how-security-keys-store-credentials 7 comments netsec
- Detecting Phishing with SPF Macros https://duo.com/labs/tech-notes/detecting-phishing-with-spf-macros 5 comments netsec
- Docker Bug Allows Root Access to Host File System https://duo.com/decipher/docker-bug-allows-root-access-to-host-file-system 8 comments coding
- Docker Bug Allows Root Access to Host File System https://duo.com/decipher/docker-bug-allows-root-access-to-host-file-system 38 comments java
- Docker Bug Allows Root Access to Host File System https://duo.com/decipher/docker-bug-allows-root-access-to-host-file-system 33 comments netsec
- Microsoft will no longer recommend forcing periodic password resets https://duo.com/decipher/microsoft-will-no-longer-recommend-forcing-periodic-password-changes 40 comments technology
- Amazon Increases Security For CloudFront Domains https://duo.com/decipher/amazon-increases-security-for-cloudfront-domains 13 comments aws
- CRXcavator a new free web tool to scan Chrome extensions and provide risk scores https://duo.com/blog/crxcavator 5 comments netsec
- Secure Boot in the Era of the T2 https://duo.com/blog/secure-boot-in-the-era-of-the-t2 5 comments hardware
- Cisco Announces Intent to Acquire Duo https://duo.com/blog/the-evolution-of-networking-and-security-cisco-announces-intent-to-acquire-duo 6 comments netsec
- Anyone have experience with Duo and 2FA? https://duo.com/ 31 comments sysadmin
- Apple iMac Pro and Secure Storage [Duo] https://duo.com/blog/apple-imac-pro-and-secure-storage 3 comments apple
- What's your preferred Multi Factor Authentication solution? https://duo.com/duo-vs-traditional-two-factor 101 comments sysadmin
- New SAML Vulnerabilities Affecting Multiple Implementations https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations 25 comments netsec
- Phish in a Barrel: Hunting and Analyzing Phishing Kits at Scale https://duo.com/assets/ebooks/phish-in-a-barrel.pdf 6 comments netsec
- The Apple of Your EFI: Mac Firmware Security Research https://duo.com/blog/the-apple-of-your-efi-mac-firmware-security-research 29 comments netsec
- Hunting for Malicious npm Packages https://duo.com/blog/hunting-malicious-npm-packages 15 comments programming
- Hunting for Malicious npm Packages https://duo.com/blog/hunting-malicious-npm-packages 8 comments netsec
- Introducing IsThisLegit and Phinn https://duo.com/blog/new-open-source-phishing-tools-isthislegit-and-phinn 6 comments netsec
- Over 18,000 Redis Instances Targeted by Fake Ransomware https://duo.com/blog/over-18-000-redis-instances-targeted-by-fake-ransomware 15 comments programming
- Over 18,000 Redis Instances Targeted by Fake Ransomware https://duo.com/blog/over-18-000-redis-instances-targeted-by-fake-ransomware 4 comments sysadmin
- Over 18,000 Redis Instances Targeted by Fake Ransomware https://duo.com/blog/over-18-000-redis-instances-targeted-by-fake-ransomware 34 comments netsec
- OEM updaters: Every single vendor had at least one vulnerability that could allow an attacker to execute arbitrary code as SYSTEM. https://duo.com/blog/out-of-box-exploitation-a-security-analysis-of-oem-updaters 51 comments programming
- Out-of-Box Exploitation: A Security Analysis of OEM Updaters aka "Shovelware, crapware, bloatware, “value added” https://duo.com/assets/pdf/out-of-box-exploitation_oem-updaters.pdf 12 comments sysadmin
- What do you all do to mitigate things like this? https://duo.com/blog/out-of-box-exploitation-a-security-analysis-of-oem-updaters 16 comments sysadmin
Linking pages
- How does Brown University know where you are? https://jack.wrenn.fyi/blog/brown-location-surveillance/ 217 comments
- GitHub - cjbarber/ToolsOfTheTrade: Tools of The Trade, from Hacker News. https://github.com/cjbarber/ToolsOfTheTrade 202 comments
- GitHub - authelia/authelia: The Single Sign-On Multi-Factor portal for web apps https://github.com/authelia/authelia 137 comments
- GitHub - ripienaar/free-for-dev: A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev https://github.com/ripienaar/free-for-dev 80 comments
- Why I love the Detroit startup scene | VentureBeat https://venturebeat.com/2017/05/20/why-i-love-the-detroit-startup-scene/ 48 comments
- Alexsey’s TTPs. (.. Tactics, Techniques, and… | by Chris McNab | AlphaSOC | Medium https://medium.com/@chrismcnab/alexseys-ttps-1204d9050551#.xbf6bsm42 28 comments
- How the Top 5 PC Makers Open Your Laptop to Hackers | WIRED https://www.wired.com/2016/05/2036876/ 12 comments
- GitHub - authelia/authelia: The Single Sign-On Multi-Factor portal for web apps https://github.com/clems4ever/authelia 10 comments
- Cisco Duo warns third-party data breach exposed SMS MFA logs https://www.bleepingcomputer.com/news/security/cisco-duo-warns-third-party-data-breach-exposed-sms-mfa-logs/ 10 comments
- GitHub - venth/aws-adfs: Command line tool to ease aws cli authentication against ADFS (multi factor authentication with active directory) https://github.com/venth/aws-adfs 9 comments
- The tools and tricks that let Ars Technica function without a physical office | Ars Technica https://arstechnica.com/information-technology/2020/01/no-office-no-problem-how-ars-technicas-remote-workers-work/ 8 comments
- Authelia Tutorial - Protect your Docker Traefik stack with Private MFA | SHB https://www.smarthomebeginner.com/docker-authelia-tutorial/ 4 comments
- 100 Top Venture Capitalists in the USA https://valuer.ai/blog/100-top-venture-capitalists-in-the-usa/ 4 comments
- GitHub - CirrusMD/authum: Awesome authentication tool for connecting command line applications to SAML/OIDC identity and service providers https://github.com/CirrusMD/authum 2 comments
- Who is hiring product managers? (April 2017) | Roadmap.com https://www.roadmap.com/hiring-product-managers-april-2017 1 comment
- free security advice.md · GitHub https://gist.github.com/grugq/353b6fc9b094d5700c70 1 comment
- Why Michigan is the Midwest’s most improved startup community | by Hyde Park Angels | Medium https://medium.com/@hydeparkangels/why-michigan-is-the-midwests-most-improved-startup-community-90a6eefd3e5d 1 comment
- How to protect yourself from doxxing | by Joe Hootman | Medium https://medium.com/@hoottech/how-to-protect-yourself-from-doxxing-74dc3d096e6a 1 comment
- Passwordless Authentication Services https://haydenjames.io/passwordless-authentication-services/ 1 comment
- GitHub - cerberauth/awesome-openid-connect: OpenID Connect, the authentication protocol and identity layer on top of OAuth 2.0 used in many SSO and adopted in many social logins (Apple, Facebook, Google, ...etc). Find this curated list of providers, services, libraries, and resources to adopt it and know more about existing specs. https://github.com/cerberauth/awesome-openid-connect 1 comment