Best Practices for Authentication Options on AWS
Explains AWS authentication options like root accounts and IAM users, focusing on security best practices and access control.
Argues that HTTPS requires certificate verification for security, discussing Python's debate on backporting this fix to version 2.7.
A follow-up analysis of U.S. federal .gov domains, tracking changes in technology, security, and accessibility over three years.
Explains why running SSH servers in Docker containers is bad practice and recommends better alternatives for debugging and management.
A reflection on the ethical responsibilities of open source maintainers, especially regarding security and user dependency, beyond the 'volunteer' excuse.
Explains new SQL Server 2014 permissions like IMPERSONATE ANY LOGIN and how they interact with CONTROL SERVER for security and privilege escalation.
A blogger clarifies that Skype's unencrypted local database is not a security vulnerability, as it's protected by system-level access controls.
A practical guide on the essential and non-essential elements for building a successful web application, emphasizing simplicity and core problem-solving.
A blog post explaining the Heartbleed OpenSSL vulnerability and providing Python scripts to test websites for it.
A technical talk on the challenges and proper implementation of TLS/SSL for secure communications, presented at multiple Python conferences.
A concise, urgent guide for sysadmins on the mandatory steps to fix the critical Heartbleed OpenSSL vulnerability and secure web servers.
Explains the April 7 web security vulnerability, its impact on major sites, and provides steps for users to protect their accounts.
Explores the security implications of disabling SQL Server logins and denying permissions, focusing on how impersonation remains possible.
Apple's modified OpenSSL in macOS overrides verification failures and breaks the standard verification callback, potentially creating security risks.
Securely using OBIEE command line tools by encrypting plain-text passwords with GPG and mkfifo to meet security policies.
Details an XSS vulnerability in the Drupal Advanced Poll module (6.x-3.x and prior), including patch and mitigation.
A guide to securing the Docker API by using SSL certificates and socat for encrypted, authenticated remote connections.
A guide outlining a responsible security vulnerability disclosure and patching process for open source software projects.
Explains the difference between OBIEE's 'Act As' and 'Impersonate' features for user account access.
A security-focused session at SQL Rally Amsterdam demonstrating privilege elevation and DoS attacks via SQL Injection on SQL Server.