security

NPM Maintainers Security Review

After brief investigation of the top 1,000 downloaded NPM Packages, we found that a number of the package maintainers accounts have insufficient protection against basic account takeover methods. This could affect a number of downstream projects, some of which help host basic and foundational infrastructure in modern, digital society. In the tech world, we stand upon the shoulders of giants. If those giants have weak security authenticating their identities, they may crumble.

36c3 and Me - Part 1

36c3 The 36th Chaos Commnunication Congress (36c3) was held once again in Leipzig this year. I have never documented my experiences at Congress, but I feel like this year is different. I did less ‘Angeling’ than I used to, and I feel like I should find ways to contribute back to this beautiful event. Congress is a hacker gathering and then some. It's a place where the motto is “All Creatures Welcome”.