Recherche : [insecure]

Nothing new, still broken, insecure by default since then: Python's e-mail libraries and certificate verification https://www.pentagrid.ch/en/blog/python-mail-libraries-certificate-verification/

14/11/2023 11:15:01

Python’s e-mail libraries smtplib, imaplib, and poplib do not verify server certificates unless a proper SSL context is passed to the API. This leads to security problems.

MSI's (in)Secure Boot https://dawidpotocki.com/en/2023/01/13/msi-insecure-boot/

16/01/2023 06:35:44

On 2022-12-11, I decided to setup Secure Boot on my new desktop with a help of sbctl. Unfortunately I have found that my firmware was… accepting every OS image I gave it, no matter if it was trusted or not. It wasn't the first time that I have been self-signing Secure Boot, I wasn't doing it wrong.

As I have later discovered on 2022-12-16, it wasn't just broken firmware, MSI had changed their Secure Boot defaults to allow booting on security violations(!!).

The Majority of PostgreSQL Servers on the Internet are Insecure https://innerjoin.bit.io/the-majority-of-postgresql-servers-on-the-internet-are-insecure-f1e5ea4b3da3

09/10/2022 00:09:25

At most 15% of the approximately 820,000 PostgreSQL servers listening on the Internet require encryption. In fact, only 36% even support encryption. This puts PostgreSQL servers well behind the rest of the Internet in terms of security. In comparison, according to Google, over 96% of page loads in Chrome on a Mac are encrypted. The top 100 websites support encryption, and 97 of those default to encryption.

Liens par page

Filtres