@simon What is the source of this "standard advice"? I ask because it seems misguided on the face of it (not that I don't believe you that it's out there). Is there a collection of such standard advice - if it's like this I'd like to debunk it, could make an interesting series or book.
Notices by Loren Kohnfelder (lmk@infosec.exchange)
Loren Kohnfelder (lmk@infosec.exchange)'s status on Friday, 06-Dec-2024 05:04:03 JST Loren Kohnfelder
Loren Kohnfelder (lmk@infosec.exchange)'s status on Wednesday, 07-Feb-2024 22:44:57 JST Loren Kohnfelder
@eff Serious question: What are businesses supposed to do? Secrets are hard to keep in large organizations, and they need to authenticate between organizations.
Loren Kohnfelder (lmk@infosec.exchange)'s status on Wednesday, 07-Feb-2024 22:44:53 JST Loren Kohnfelder
@mcv @eff We've had PGP and SMIME email for ages but hardly anyone bothers...
Since it takes both parties it's blocked by chicken-and-egg problems getting started.
Kind of amazing that it has come to this and still nobody is very serious about solidly authenticating million-dollar scale transactions.
Loren Kohnfelder (lmk@infosec.exchange)'s status on Friday, 02-Feb-2024 00:57:03 JST Loren Kohnfelder
@ryanc do you still have the 5 lines of code to share? @Natanox @womble gotofail was preventable just by a unit test checking that each of the necessary conditions was being tested. Nice blast from the past.
Loren Kohnfelder (lmk@infosec.exchange)'s status on Tuesday, 14-Nov-2023 07:02:08 JST Loren Kohnfelder
@nixCraft I recommend composing the commit message first, then coding to match.