this post was submitted on 09 Mar 2026
36 points (97.4% liked)

lnxtx@sopuli.xyz 8 points 1 week ago

The team sent out 4,300 disclosure emails to over 600 organisations, but only 9% bothered to reply.
[...]
Eventually, the team reached a 97% remediation rate, but only after going directly to the authorities that issue the certificates.

Why your data leaks, they don't bother.

Single use keys? Can anyone more familiar with what's available after TLS 2.0 speak to the overhead of constantly generating new keys? I assume the article is advocating for sessional keys. Do we get into scalability issues?

Also, I want to make a joke about managers pushing for speed and cost, hiring vibe coders who then hard code credentials, including private keys on their local, then submitting them through the SDLC, but I'm too hungover to be funny.