David’s take
If you aren't yet a Premium subscriber, you missed yesterday's analysis about a potential flaw in several secure messaging group chats, and what you should do about it. Go to our Premium page and sign up; subscription plans start at $10/month, with multiple newsletters and corporate plans available. Premium subscribers get an additional Thursday newsletter, usually with a single analysis topic.
Another person associated with the SecureDrop service has died. James Dolan, who worked on the program with Aaron Swartz, was 36. Dolan's cause of death was suicide. SecureDrop is an offering from the Freedom of the Press Foundation and is used by many journalists all over the world for secure communication with their sources. Dolan was the foundation’s first full-time staffer. Dolan left the foundation two years ago to work on a San Diego startup. The foundation’s website has more details.
I am a big supporter and user of password managers, but here is a new twist on how they can be exploited. Technically, it isn’t the managers’ fault. Third-party scripts can inject invisible login forms that can capture a username and password, which the attacker uses for credential theft. While this vulnerability has long been known, this is the first time that such abuse has been documented. Take a closer look at the attack at the link and understand how you and your users can avoid it.
-- David Strom, Editor of Inside Security