You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Instantly share code, notes, and snippets.
💻
Jens Hausdorf
jens1o
💻
Hey there :)
22 y/o, not afraid of tech in general, but afraid of some caveats
This is a living document. Everything in this document is made in good
faith of being accurate, but like I just said; we don't yet know everything
about what's going on.
Background
On March 29th, 2024, a backdoor was discovered in
xz-utils, a suite of software that
First of all, please note that token expiration and revoking are two different things.
Expiration only happens for web apps, not for native mobile apps, because native apps never expire.
Revoking only happens when (1) uses click the logout button on the website or native Apps;(2) users reset their passwords; (3) users revoke their tokens explicitly in the administration panel.
1. How to hadle JWT expiration
A JWT token that never expires is dangerous if the token is stolen then someone can always access the user's data.
Extract from the Top 1M Alexa domains (and also from investigations) using coin-hive mining service
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Putting cryptographic primitives together is a lot like putting a jigsaw
puzzle together, where all the pieces are cut exactly the same way, but there
is only one correct solution. Thankfully, there are some projects out there
that are working hard to make sure developers are getting it right.
The following advice comes from years of research from leading security
researchers, developers, and cryptographers. This Gist was [forked from Thomas
Ptacek's Gist][1] to be more readable. Additions have been added from
Optimized my.cnf configuration for MySQL/MariaDB (on Ubuntu, CentOS, Almalinux etc. servers)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters