Phising by Ciro Santilli 35 Updated +Created
Cross-site scripting by Ciro Santilli 35 Updated +Created
Computer security conference by Ciro Santilli 35 Updated +Created
DEF CON by Ciro Santilli 35 Updated +Created
Black Hat Briefings by Ciro Santilli 35 Updated +Created
Computer security researcher by Ciro Santilli 35 Updated +Created
Ciro Santilli found out that he likes computer security researchers and vice versa.
It's a bit the same reason why he likes physicists: you can't bullshit with security.
You can't just talk nice and hope for people to belive you.
You can't not try to break things and just keep everyone happy in their false illusion of safety.
You can't do a half job.
If you do any of that, you will get your ass handed to you in a little gift bag.
GitHub Sponsors by Ciro Santilli 35 Updated +Created
Bank by Ciro Santilli 35 Updated +Created
DARPA by Ciro Santilli 35 Updated +Created
Dan Kaminsky by Ciro Santilli 35 Updated +Created
A superstar security researcher with some major exploits from in the 2000's.
Denial-of-service attack by Ciro Santilli 35 Updated +Created
Multi-factor authentication by Ciro Santilli 35 Updated +Created
2FA app by Ciro Santilli 35 Updated +Created
Google 2FA app token can be updated without checking the old 2FA by Ciro Santilli 35 Updated +Created
Ermm, as of February 2021, I was able to update my 2FA app token with the password alone, it did not ask for the old 2FA.
So what's the fucking point of 2FA then? An attacker with my password would be able to login by doing that!
Is it that Google trusts that particular action because I used the same phone/known IP or something like that?
OAuth by Ciro Santilli 35 Updated +Created
The fatal flaw of OAuth is that websites have to enable specific providers, they can't just automatically select the correct OAuth for a given email domain. This means that the vast majority of websites will only provide the most widely popular providers such as Google, and the like, which means people won't have decent privacy.
So you are just better off with password logins and a decent password manager.
Password manager by Ciro Santilli 35 Updated +Created
A cross browser, cross platform, and server-encrypted password manager is a must after Snowden!!! E.g. Proton Pass. And governments should obviously provide one to its citizens, or else be spied upon by the USA obviously: Governments should provide basic Internet infrastructure.
Plausible deniability by Ciro Santilli 35 Updated +Created
Security through obscurity by Ciro Santilli 35 Updated +Created
Video 1.
LockPickingLawyer SAINTCON keynote (2021)
Source. SAINTCON is "Utah's Premiere Security Conference".
Kerckhoffs's principle by Ciro Santilli 35 Updated +Created
Basically the opposite of security through obscurity, though slightly more focused on cryptography.
Malware by Ciro Santilli 35 Updated +Created

Pinned article: ourbigbook/introduction-to-the-ourbigbook-project

Welcome to the OurBigBook Project! Our goal is to create the perfect publishing platform for STEM subjects, and get university-level students to write the best free STEM tutorials ever.
Everyone is welcome to create an account and play with the site: ourbigbook.com/go/register. We belive that students themselves can write amazing tutorials, but teachers are welcome too. You can write about anything you want, it doesn't have to be STEM or even educational. Silly test content is very welcome and you won't be penalized in any way. Just keep it legal!
Video 1.
Intro to OurBigBook
. Source.
We have two killer features:
  1. topics: topics group articles by different users with the same title, e.g. here is the topic for the "Fundamental Theorem of Calculus" ourbigbook.com/go/topic/fundamental-theorem-of-calculus
    Articles of different users are sorted by upvote within each article page. This feature is a bit like:
    • a Wikipedia where each user can have their own version of each article
    • a Q&A website like Stack Overflow, where multiple people can give their views on a given topic, and the best ones are sorted by upvote. Except you don't need to wait for someone to ask first, and any topic goes, no matter how narrow or broad
    This feature makes it possible for readers to find better explanations of any topic created by other writers. And it allows writers to create an explanation in a place that readers might actually find it.
    Figure 1.
    Screenshot of the "Derivative" topic page
    . View it live at: ourbigbook.com/go/topic/derivative
    Video 2.
    OurBigBook Web topics demo
    . Source.
  2. local editing: you can store all your personal knowledge base content locally in a plaintext markup format that can be edited locally and published either:
    • to OurBigBook.com to get awesome multi-user features like topics and likes
    • as HTML files to a static website, which you can host yourself for free on many external providers like GitHub Pages, and remain in full control
    This way you can be sure that even if OurBigBook.com were to go down one day (which we have no plans to do as it is quite cheap to host!), your content will still be perfectly readable as a static site.
    Figure 5. . You can also edit articles on the Web editor without installing anything locally.
    Video 3.
    Edit locally and publish demo
    . Source. This shows editing OurBigBook Markup and publishing it using the Visual Studio Code extension.
    Video 4.
    OurBigBook Visual Studio Code extension editing and navigation demo
    . Source.
  3. https://raw.githubusercontent.com/ourbigbook/ourbigbook-media/master/feature/x/hilbert-space-arrow.png
  4. Infinitely deep tables of contents:
    Figure 6.
    Dynamic article tree with infinitely deep table of contents
    .
    Descendant pages can also show up as toplevel e.g.: ourbigbook.com/cirosantilli/chordate-subclade
All our software is open source and hosted at: github.com/ourbigbook/ourbigbook
Further documentation can be found at: docs.ourbigbook.com
Feel free to reach our to us for any help or suggestions: docs.ourbigbook.com/#contact