mikewe.st
web browser stuff: security, privacy, safety, etc.
9 posts 626 followers 50 following

Modern solutions against cross-site attacks (frederikbraun.de/modern-solut...): An article about cross-site leak attacks and browser-based defenses. You will also learn why web security best practices are always opt-in and finally how YOU can get increased security controls.

There's a good blog post from @april.social about cookie parsing: grayduck.mn/2024/11/21/h... And I guess it's time to dust off my broader, 2010 rant about the same: lcamtuf.blogspot.com/2010/10/http... Some things have improved, but cookies are still a bit of a design fail.

Do you, like me, periodically need to produce a base64-encoded SHA-2 hash of some text? Have you found existing online generator tools to be slightly annoying in some minor way that doesn't precisely fit your workflow? Well, here's another that will annoy you in _different_ ways: sha2.it

Happy to publish the effort of my last five years: Security Signals. research.google/pubs/securit...

I'm skimming RFC9421's signing and validation algorithms for reasons, and it seems like the spec provides way more room for confusion about what's being signed than I'd prefer, with guidance like "Determine an order for any signature parameters...". How? 🤷 www.rfc-editor.org/rfc/rfc9421....

Daniel Stenberg's notes from this week's HTTP Workshop are a nice way of catching up on smart folks' thoughts about the present and future of your favorite transport protocol: Day 1: daniel.haxx.se/blog/2024/11... Day 2: daniel.haxx.se/blog/2024/11... Day 3: daniel.haxx.se/blog/2024/11...

I set up this account, then nerdsniped myself right past the process of crafting a witty and enticing "Hello, world!" post to instead spend a few minutes trying to figure out whether Bluesky supported security keys rather than email for 2FA. It apparently doesn't. 🤷