The 16‑kilobyte curtain. How Russia’s new data‑capping censorship is throttling Cloudflare

Technology
  • Women’s ‘red flag’ app Tea is a privacy nightmare

    Technology technology
    313 votes
    126 posts
    1k views
    N
    > As I mentioned in other comments, I am a noob when it comes to web-sec; please forgive what may be dumb questions.

    There's nothing to forgive. Asking questions and being curious is how you learn this stuff.

    > Is it really just permission rights "over-exposure" issue?

    From what I've read, it's more fundamental than that. It's a basic architecture issue. The datastore was publicly accessible, which it should never be. If they had it set up according to best practices, with an API to proxy access and auth, the datastore's permissions would be of minimal consequence, unless their network was compromised (still best practice to secure it and approach with a zero-trust mindset).

    > Or does one need to also encrypt and then decrypt the data itself that must be sent to a database?

    Generally, cloud datastores handle encryption/decryption transparently, as long as the account accessing data has authorization to use the key. They probably also didn't have encryption set up.

    > Also, if you have time, recommend any links to web/cloud/SaaS security best practices "for dummies"?

    Here are some more resources:
    https://cheatsheetseries.owasp.org/cheatsheets/Secure_Cloud_Architecture_Cheat_Sheet.html
    https://www.oreilly.com/library/view/security-architecture-for/9781098157760/
    https://www.oreilly.com/library/view/cloud-computing-security/9780429619649/

    Check Humble Bundle
  • 50 votes
    1 post
    0 views
    No one has replied
  • Google one 2TB storage + Google gemini pro

    Technology technology
    2 votes
    1 post
    5 views
    No one has replied
  • 149 votes
    4 posts
    48 views
    T
    Very true. And the fine will be raised for next time, so you really don't want strike one.
  • Google Killed Your Attention Span with SEO-Friendly Articles

    Technology technology
    111 votes
    1 post
    17 views
    No one has replied
  • Apple appeals EU's €500M fine over App Store payment restraints

    Technology technology
    21 votes
    3 posts
    42 views
    zak@lemmy.world
    It's likely their priority is continuing to collect all the fees they can for as long as they can rather than the fine itself.
  • How data brokers shape your life

    Technology technology
    31 votes
    1 post
    15 views
    No one has replied
  • How Do I Prepare My Phone for a Protest?

    Technology technology
    505 votes
    139 posts
    3k views
    D
    So first, even here we see foundation money and big tech, not government. Facebook, Google, etc. mostly love net neutrality, tolerate encryption, and see utility in anonymous internet access, mostly because these things don't interfere with their core advertising businesses, and generally have helped them. I didn't see Comcast and others in the ISP oligopoly on that list, probably because they would not benefit from net neutrality, encryption, and privacy for obvious reasons. The EFF advocates for particular civil libertarian policies, always has. That does attract certain donors, but not others. They have plenty of diverse and grassroots support too. One day they may have to choose between their corpo donors and their values, but I have yet to see them abandon principles.