A selection of this week’s more interesting vulnerability disclosures and cyber security news. Development frameworks are wonderful, can’t disagree there, they do make life easier by taking away tedious process. Obviously their increased complexity in hiding this tedium from the dev means debugging can be tricky at times. So they often included some quite revealing debug modes that can help…. Only that they really are for the eyes of the dev and not the public. Switching them off when in production is a good idea don’t you think?
Biometrics again, something I’m not entirely comfortable with as a sole means of authentication. One’s body is not easy to change should some vulnerability be found in how that data can be faked. I would advocate that as the second aspect of 2FA along with existing passwords or pins it is handy, but what about something that occurred to me while reading this article, how with an automatic biometric auth/payment would we be able to have multiple accounts on a system, perhaps for business and leisure?
This week in the office we were chatting about the changes to Chrome in the way it lets you know what level of protection a site is at. Well, these two articles then appear which make use of valid certificated sites to garner trust in who you are talking to. I think the lesson to be learned is no matter what site you are on, the moment you begin to part with any PII, ensure you are where you think you are:
In other news: