The employees responsible for tackling hacking threats have alleged that the Silicon Valley giant is replacing them with machines and is automating its alert response and security teams

The app is the government's mobile application for contact tracing and disseminating medical advisories to users in order to contain the spread of Covid-19

Coddington, Mark (Mark Allen), author

Will take action against those spreading rumours, say police

The panelists talk to The Node Security Project founder and organizer, Adam Baldwin.

02:32 - Troy Hunt Introduction

• Twitter
• GitHub
• Blog
• Troy Hunt's Pluralsight Courses

04:12 - Why should people care about security?

06:19 - When People/Businesses Get Hacked

09:47 - “Hacking”

• Social Engineering
  • BeEF

11:42 - Inventive “Hacks”

• SQL Injection
  • sqlmap
• Stuxnet

13:24 - Motivation for Hacking/Can hacking be valuable?

17:08 - Consequences and Retribution

19:10 - How to Build Secure Applications

20:47 - Weighing in UX

22:50 - Common Misconceptions

• Password Storage
  • hashcat
• Encoding
• Cookies

31:27 - Passwords (Cont’d)

33:16 - Justifying the Importance of Security

35:24 - Client-side Security

• Cross-side Scripting
• DOM Based Cross-side Scripting
  • Content Security Policy (CSP)

44:10 - Resources

• AngularJS Security Fundamentals
• Hack Yourself First

45:27 - Routing

47:21 - Timeouts

51:36 - Cached Data

Picks

awesome-react (Aimee)
Edsger W. Dijkstra Quotes (Jamison)
Sam Newman: Telstra, Human Error and Blame Culture (Jamison)
Infinite Jest by David Foster Wallace (Jamison)
T.I.M.E Stories (Joe)
We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency Paperback by Parmy Olson (Troy)
The Have I been pwned Project (Troy)

On today's episode, Charles Max Wood and Aimee Knight discuss InfoSec for Web Developers with Kim Carter. Kim is a senior software engineer/architect, an information security professional, and the founder of binarymist.io. He is currently working on his book called Holistic InfoSec for Web Developers. Tune in to learn more on what his book is all about.

Panel: 

Charles Max Wood

AJ O’Neal

Joe Eames

Special Guests: Adam Baldwin

In this episode, JavaScript Jabber panelist speak with Adam Baldwin. Adam is a return guest and has many years of application security experience. Currently, Adam runs the Node Security Project/Node Security Platform, and Lift Security. Adam discusses the latest of security of Node Security with Charles and AJ. Discussion topics cover security in other platforms, dependencies, security habits, breaches, tokens, bit rot or digital atrophy, and adding security to your development.

In particular, we dive pretty deep on:

• What is  the Node Security Project/Node Security Platform
• Dependency trees
• NPM
• Tokens and internal data
• What does Node Security do for me?
• NPX and NSP
• Command Line CIL
• Bit Rot or Digital Atrophy
• How often should you check repos.
• Advisories
• If I NPM install?
• Circle CI or Travis
• NSP Check
• What else could I add to the securities?
• Incorporate security as you build things
• How do you find the vulnerabilities in the NPM packages
• Two Factor authentication for NPM
• Weak Passwords
• OL Dash?
• Install Scripts
• Favorite Security Story?
• And much more!

Links:

• Node Security 
• Lift Security
• https://github.com/evilpacket
• @nodesecurity
• @liftsecurity
• @adam_baldwin

Picks:

Adam

• Key Base
• Have I been Pwned?

Charles

• Nettie Pot 
• convo.com

AJ

• This Episode with Adam Baldwin
• Free the Future of Radical Price
• Made In America Sam Walton
• Sonic - VGM Album

Joe

• Pych - Movie
• NG Conf
• Why We Don’t Suck

Panel:

• Charles Max Wood

Special Guests: Evan Hahn

In this episode, the JavaScript Jabber panelists discuss securing Express apps with Helmet.js with Evan Hahn. Evan is a developer at Airtable, which is a company that builds spreadsheet applications that are powerful enough that you can make applications with. He has also worked at Braintree, which does payment processing for companies. They talk about what Helmet.js is, when you would want to use it, and why it can help secure your Express apps. They also touch on when you wouldn’t want to use Helmet and the biggest thing that it saves you from in your code.

In particular, we dive pretty deep on:

• Evan intro
• JavaScript
• What is Helmet.js?
• Node and Express
• Why would you use the approach of Middleware?
• Helmet is not the only solution
• Http headers
• Current maintainer of Helmet.js
• npm
• Has added a lot to the project, but is not the original creator
• Outbound HTTP response headers
• Helmet doesn’t fully secure your app but it does help secure it
• How does using Helmet work?
• Are there instances when you wouldn’t want to use Helmet?
• No cash middleware
• Where do you set the configuration options?
• Top level Helmet module
• 12 modules
• What is the biggest thing that Helmet saves you from?
• Content security policy code
• And much, much more!

Links:

• Airtable
• Braintree
• JavaScript
• Helmet.js
• Node
• Express
• npm
• Evan’s Website
• @EvanHahn
• Evan’s GitHub

Picks:

Charles

• Camera
• Zoom H6
• Shure SM58
• DevChat.tv Youtube
• React Round Up

Evan

• Clojure
• Fortune
• Kantaro: The Sweet Tooth Salaryman

Today the panel is talking about security features that are being added to Node 13. AJ talks about the background and what he’s working with Let’s Encrypt. He talks about changes that Node has made to the TLS module. TLS is a handshake that happens between a client and a server. They exchange certificates, generate some random numbers to use for encryption, and TLS handles the encryption. The move to HTTP/2 is all about fixing legacy bugs and legacy features from the SSL days and reducing the number of handshakes.

AJ talks about the difference between TLS and HTTPS. While TLS reduces the handshakes between client and server, HTTPS is just HTTP and has no knowledge that TLS is going on. HTTP/2 is more baked in as both encryption and compression are part of the specification and you get it automatically. HTTP/2 is also supposed to be faster because there’s fewer handshakes, and you can build heuristic based web servers. Since browsers have varying degrees of compatibility, a smart HTTP/2 server will classify the browser and anticipate what files to send to a client based on behavior and characteristics without the client requesting them

A lot of these new features will be built into Node, in addition to some other notable features. First, there will now be set context on the TLS object. Second, if you’re connected to a server, and the server manages multiple domains, the certificate will have multiple names on it. Previously, each different server name had a different network request, but now a .gitcertificate will let you get all the metadata about the certificate, including the primary domain and all the secondary domains and reuse the connections. 

These new features are a great improvement on the old Node. Previously, the TLS module in Node has been an absolute mess. These are APIs that have been long neglected, and are long overdue core editions to Node. Because of these additions, Node Crypto has finally become usable. HTTP/2 is now stable, usable, and has backwards compatable API, and a dictionary of headers to make it more efficient in compression.

The conversation turns back to certificates, and AJ explains what a certificate is and what it represents. A certificate has on it a subject, which is a field which contains things like common name, which in the case of HTTPS is the server name or host name. then it will have subject alternative names (SAN), which will have a list of other names that are valid on that certificate. Also included on the certificate is the name of the authority that issued the certificate. AJ talks about some of the different types of certificates, such as DV, OV, and EV certificates. They differentiate between encryption and hashing. Hashing is for verifying the integrity of data, while encryption can be used either as signing to verify identity or to keep data owned privately to the parties that are part of the connection. Encryption does not necessarily guarantee that the data is the original data. The show concludes with AJ talking about how he wants to make encryption available to the average person so that everyone can share securely. 

Panelists

• Steve Edwards

• AJ O’Neal

• Charles Max Wood

Sponsors

• Tidelift

• Sentry use the code “devchat” for 2 months free on Sentry’s small plan

• Ruby Rogues

Links

• Let’s Encrypt

• Greenlock

• HTTP/2

• Node.js

• Node Crypto

• JWK

• LZMA

• Gzip

• Broccoli.js

• HTTPS

• GCM

• ASN.1

• OWASP list

• jwt.io

• Diffie Hellman Key Exchange

• Khana Academy Diffie-Hellman Key Exchange pt.2

Follow DevChatTV on Facebook and Twitter

Picks

Steve Edwards:

• Panasonic SD-YD250 bread machine

AJ O’Neal:

• Greenlock v.3

• Samsung Evo 4 TOB paired with 2012 Macbook Pro

• Dave Ramsey on Christian Healthcare Ministries

Charles Max Wood: 

• Velcro straps

• Mac Pro Upgrade Guide

In this episode of JavaScript Jabber the panel interviews security expert, Kevin A. McGrail. He starts by explaining what security frameworks and what they do. The panel wonders how to know if your developers are capable of self-auditing your security or if you need help. Kevin shares recommendations for companies to look at to answer that question. 

Aimee Knight explains the hell she has been in making changes to be compliant with CCPA. The panel considers how policies like this complicate security, are nearly impossible to be compliant with and how they can be weaponized. They discuss the need for technical people to be involved in writing these laws. 

Kevin explains how you can know how secure your systems actually are. He shares the culture of security first he tries to instill in the companies he trains. He also trains them on how to think like a bad guy and explains how this helps developers become security first developers. The panel discusses how scams have evolved and how the same scams are still being run. They consider the importance of automated training and teaching developers to do it right the first time.

Finally, they consider the different ways of authentication, passwords, passphrases, sim card, biometrics. Kevin warns against oversharing or announcing vacations. The panel discusses real-world tactics bad guys use. Kevin explains what he trains people to do and look out for to increase security with both social engineering and technical expertise. 

Panelists

• Aimee Knight

• AJ O’Neal

• Charles Max Wood

• Dan Shappir

• Steve Edwards

Guest

• Kevin A McGrail

Sponsors

• ABOUT YOU | aboutyou.com/apply

• Split

• CacheFly

____________________________________________________________

"The MaxCoders Guide to Finding Your Dream Developer Job" by Charles Max Wood is now available on Amazon. Get Your Copy Today!

____________________________________________________________

Links

• Ghost in the Wires

• https://www.infrashield.com/

Follow DevChatTV on Facebook and Twitter

Picks

Aimee Knight:

• The More Gender Equality, the Fewer Women in STEM 

AJ O’Neal:

• I'll Let Myself In: Tactics of Physical Pen Testers 

• Copying Keys from Photos, Molds & More 

• The LED Traffic Light and the Danger of "But Sometimes!" 

• Regina Spektor 

• The Weepies 

Dan Shappir:

• This is what happens when you reply to spam email 

• What is Your Password? 

Kevin A McGrail:

• XKCD Security 

• IT Crowd

• https://spamassassin.apache.org/

Steve Edwards:

• XKCD Password Generator 

• Nerd Sniping

Winkler, Ira

With the arrest of Tehsin Akhtar, thought to be Indian Mujahideen (IM) commander of India operations, security agencies have netted another big fish in the fight against terror.

Hardt, Judith Nora, author

Australia. Parliament. Senate. Rural and Regional Affairs and Transport References Committee, author, issuing body

Product offerings include Cisco, CEH, CISSP, CompTIA Security+, and SSCP.

Online Resource

Online Resource

Online Resource

Hayden Library - TP290.R39 B39 2018

Sechrest, Love L., 1962- author

Stanek, William R., author

Wheeler, Cass, author

Keeriyattil, Sreejith. author

Interview with Ivo Abraham, PhD, author of Economic Evaluation of Talimogene Laherparepvec Plus Ipilimumab Combination Therapy vs Ipilimumab Monotherapy in Patients With Advanced Unresectable Melanoma

Interview with Jason C.S. Yam, author of Association of Secondhand Smoking Exposure With Choroidal Thinning in Children Aged 6 to 8 Years: The Hong Kong Children Eye Study

Primary trend of the stock is positive where stock price is trading above its 200-day SMA

China is expected to provide two more ships to the Pakistan navy. Pakistan has already raised a new division of the army to ensure security along the CPEC route and in and around the Gwadar port.

Online Resource

Dewey Library - K3249.P69 2019

Dewey Library - K3263.F37 2019

Online Resource