SecurityWeek: Wiz Says 62% of AWS Environments Exposed to Zenbleed Exploitation https://www.securityweek.com/wiz-says-62-of-aws-environments-exposed-to-zenbleed-exploitation/ #Vulnerabilities #CVE-2023-20593 #CloudSecurity #TavisOrmandy #ProjectZero #zenbleed #Amd
Which Password Manager Is Better? Standalone or Built-In?
Should you use a separate, standalone Password Manager, or the Password Manager built into your browser?
Tavis Ormandy is an Information Security Engineer from England currently employed by Google as a member of their Project Zero team.
After discussing various technical problems with Password Managers, and after downplaying the need for "nuance," Tavis says:
"If you want to use an online password manager, I would recommend using the one already built into your browser. They provide the same functionality, and can sidestep these fundamental problems with extensions.
I use Chrome, but the other major browsers like Edge or Firefox are fine too. They can isolate their trusted UI (user interface) from websites, they don’t break the sandbox security model, they have world-class security teams, and they couldn’t be easier to use."
Tavis also recommends writing down and securely storing passwords.
Standalone Password Manager applications offer consumers more features and greater functionality.
But 70% of internet users access the internet using the Chrome browser. Its built-in Password Manager is highly regarded and may be featured enough for many users.
Is there a reason we *shouldn't* tell consumers to use the built-in Password Managers of the top 3 browsers? Do we have solid, convincing evidence to claim that built-in Password Managers are unsafe if used as designed?
I'm very interested in exploring this question, and completely open to thoughts and suggestions.
#infosec #tavisormandy #passwordmanagers
📬 uBlock CSS injection: attack via filter lists #Hacking #ReverseEngineering #CSSInjection #GarethHeyes #TavisOrmandy #uBlock https://tarnkappe.info/ublock-css-injection-angriff-ueber-filterlisten/
📬Reading tips: Bavaria & IT security, DB app tracks users, new EU database📬 https://tarnkappe.info/lesetipps-bayern-it-sicherheit-db-app-trackt-neue-eu-datenbank/ #HeikoFrenzel #TavisOrmandy #Datenschutz #AdamDunkels #Thingsquare #RohanKumar #Lesetipps #gnupg
#TavisOrmandy: "You don’t need #reproducible builds."
« I’m skeptical about #BuildReproducibility, but ardent supporters are defending and cheering for it at every opportunity. After a few too many heated discussions, I’ve decided to write down my thoughts on the topic. »
http://blog.cmpxchg8b.com/2020/07/you-dont-need-reproducible-builds.html
#NixOS #Guix