Links — #security

• BrowserGate (Apr 4, 2026)
  LinkedIn is quietly scanning your browser extensions — a privacy investigation.
  #security
• Bucketsquatting Is Finally Dead (Apr 4, 2026)
  How cloud providers finally closed the S3 bucket squatting attack vector.
  #security
• Good Bad ISPs (Apr 4, 2026)
  Tor Project's community-maintained list of ISPs and their friendliness to relay operators.
  #security
• AirSnitch: Breaking Client Isolation in Wi-Fi Networks (Apr 4, 2026)
  NDSS research paper on demystifying and exploiting Wi-Fi client isolation mechanisms.
  #security
• enject (Mar 1, 2026)
  Keeps .env secrets in encrypted local stores, injecting them at runtime without plaintext on disk.
  #security #tools
• Goodbye innerHTML, Hello setHTML (Mar 1, 2026)
  Mozilla introduces the Sanitizer API and setHTML for safer DOM manipulation in Firefox 148.
  #web #security
• Large-Scale Online Deanonymization with LLMs (Mar 1, 2026)
  Research on how LLMs can deanonymize users from writing style at scale.
  #privacy #security #ai
• Please, please, please stop using passkeys for encrypting user data (Mar 1, 2026)
  Why using passkeys with PRF for encryption is dangerous and premature.
  #security #web
• Nepenthes (Feb 7, 2026)
  A web tarpit for AI scrapers. Generates infinite pages of Markov gibberish to waste crawler resources and poison training data.
  #security #ai
• vet - safety net for curl | bash (Jul 24, 2025)
  Inspect, diff, and lint remote scripts before executing them. A safer curl | bash.
  #tools #security

< all links