| | security-txt | keepassxc |
|---|---|---|
| Mentions | 9 | 521 |
| Stars | 1,738 | 19,422 |
| Growth | 0.0% | 3.1% |
| Activity | 10.0 | 8.9 |
| Last commit | over 1 year ago | 3 days ago |
| Language | HTML | C++ |
| License | GNU General Public License v3.0 or later | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
security-txt
- Ask HN: I found a security issue on a (known) website, should I report it? How?
- Why should you care about the "security.txt" file on your website?
  A very, very long article to say "you should have a security.txt file, find an example at https://securitytxt.org/".
- Ask HN: How to Submit Bugs to Shopify?
  https://www.shopify.com/.well-known/security.txt (https://securitytxt.org/ standard)
- Security.txt now mandatory for Dutch government websites
- Security.txt file now mandatory for Dutch government websites
  You are looking in the wrong place. https://securitytxt.org/ proposes to create a text file called security.txt under the .well-known directory of your project.
  So, the URL becomes:
- I have gained access to numerous GCloud Organizations by accident
- I reported an IT security issue to Ecoflow and have been incredibly frustrated with the process
  This is great. Would you please also implement RFC 9116 (https://www.rfc-editor.org/rfc/rfc9116 or https://securitytxt.org) and give every security researcher the chance to get in contact with you.
- [ENG] KeePass 2.X Master Password Dumper (CVE-2023-32784)
- We should start to add “ai.txt” as we do for “robots.txt”
  security.txt https://github.com/securitytxt/security-txt :
  > security.txt provides a way for websites to define security policies. The security.txt file sets clear guidelines for security researchers on how to report security issues. security.txt is the equivalent of robots.txt, but for security issues.
  Carbon.txt:
  > A proposed convention for website owners and digital service providers to demonstrate that their digital infrastructure runs on green electricity.
  "Work out how to make it discoverable - well-known, TXT records or root domains" https://github.com/thegreenwebfoundation/carbon.txt/issues/3... re: JSON-LD instead of txt, signed records with W3C Verifiable Credentials (and blockcerts/cert-verifier-js)
keepassxc
- Passkey Implementation: Misconceptions, pitfalls and unknown unknowns
- KeePassXC Issue: [Passkeys] should never be exported in clear text
- Authy to sunset EOL end of March 19, 2024 (originally August 2024)
- I Stopped Using Passwords. It's Great–and a Total Mess
  KeePassXC supports exporting, but I don't think it is released in a stable version / to the public yet:
  https://github.com/keepassxreboot/keepassxc/pull/8825
- Ask HN: Best Password Manager without cloud login?
  If you use KeePass, make sure you use the KeePassXC variant. KeePass is dead.
  https://keepassxc.org/
- Do you trust password managers?
  That's why you use the superior one, KeePassXC, as linked in the NIST link: https://github.com/keepassxreboot/keepassxc/discussions/9433
- What program(s) do you use to remember passwords, including crypto?
- Will Plasma 6 still keep X11 compatibility?
  Over there, they got pissed about people constantly bugging them about it and closed the bug with the last comment reading:
- Help a noob out, please.
  For the internet, use a password manager like KeePassXC with a strong password.
- KDE Plasma 6.0 Is Enabling Wayland by Default
  Another regression is that KeePassX/C AutoType doesn't work with Wayland, so now instead of a simple CTRL+V in KeePassXC, I have to separately copy and paste the user and the pass.
  https://github.com/keepassxreboot/keepassxc/issues/2281
What are some alternatives?
carbon.txt - A proposed convention for making it possible to demonstrate that your infrastructure uses green power
KeePassDX - Lightweight vault and password manager for Android, KeePassDX allows editing encrypted data in a single file in KeePass format and fill in the forms in a secure way.
keepass-password-dumper - Original PoC for CVE-2023-32784
KeePass2.x - unofficial mirror of KeePass2.x source code
bugbounty-resources
vaultwarden - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
well-known-uris - Registry for Well Known URIs
Strongbox - A KeePass/Password Safe Client for iOS and OS X
datatxt-spec - data.txt: Specification
MacPass - A native macOS KeePass client
opengraph - A python module to parse the Open Graph Protocol
Aegis - A free, secure and open source app for Android to manage your 2-step verification tokens.