We're on a boat! This week, Scott Helme is back in town so I'm treating him to a rare sight for the Englishman - sunshine ☀️
We're also talking about my .NET Conf talk, Chrome's visual changes (and rolling back some of them), the FreshMenu data breach, getting better at filtering CSP reports, the effectiveness of public shaming, the kayo.moe credential stuffing list and lastly, Scott talks about his blog post on protecting sites from modified JavaScript (now linked to in the references below). Next week, we're in Sydney for NDC so we'll do another joint update then.
References
- I spoke at .NET Conf on pwning your cloud costs (link through to the recorded talk)
- FreshMenu had a breach and attempted to conceal it (this never works out well)
- CSP filtering is a tricky thing (post there on how we've been tackling it with Report URI)
- A file hosting service called kayo.moe identified a heap of uploaded credentials (someone was stashing their cred stuffing lists there)
- Netsparker is, once again, this week's sponsor (and they beat Scott to this blog post...)
- ...but read Scott's post anyway (how your JS is being pwned, and how to stop it from doing damage)