Our great sponsors
-
If you have a Linux PC with a TPM, you can use https://github.com/psanford/tpm-fido to create and "plug in" a virtual USB WebAuthn key whose secret is irretrievably stored in the machine's TPM. This effectively asserts that your specific machine is being used to enter a given site. However, it's important to remember it doesn't necessarily verify that *you're* present, or even if *anyone* is present at all, since the presence check is done via a software dialog and can be pwned along with the rest of the system.
-
> Infostealers for Mac are a thing (Uber is a mac heavy shop I hear)
Block unknown executables on company machines. Google developed Santa to protect themselves: https://github.com/google/santa
> and that's all it takes to steal cookies and tokens post-mfa,
Make post-MFA cookies and tokens short-lived. Require MFA re-authentication at least daily.
> or why even bother with that, if you're running code just make it a reverse shell.
All outbound connections should be strictly monitored, especially from production servers, which should have no ability to make outbound connections. With modern dependency management, that's harder for build servers, but still doable.
-
Appwrite
Appwrite - The Open Source Firebase alternative introduces iOS support. Appwrite is an open source backend server that helps you build native iOS applications much faster with realtime APIs for authentication, databases, files storage, cloud functions and much more!
Related posts
- MacOS + MDM Policies (Privacy, Notifications, Native Apps)
- Possible to restrict which applications a user can install/execute?
- On Oct 24th Apple will release macOS Ventura - Are you ready?
- What Anti-Keylogging Software do you use or recommend?
- Way to get either report or alert on newly installed apps?