
Sign up to save your podcasts
Or
Send us a text
Several popular Chrome extensions, including privacy and security tools, have been found leaking sensitive data through unencrypted HTTP and hard-coded credentials in their code. Security is both hard and easy - hard because of existing unencrypted protocols and trust placed in developers, but easy because fundamental security practices should be common knowledge in 2025.
• Chrome extensions including DualSafe Password Manager and Avast Online Security are leaking sensitive user data
• HTTP vs HTTPS - the 'S' stands for security and encrypts data transmission over the internet
• HTTPS Only extension from EFF forces secure connections when browsing
• Hard-coded credentials in extensions create permanent security vulnerabilities
• Developers sometimes collect excessive data "just in case" rather than minimizing collection
• OWASP (Open Web Application Security Project) provides essential resources for developers
• Technology abstraction makes users less aware of security fundamentals
• The newly restarted OWASP Nomad chapter offers virtual community for application security
Check out our GitHub repository of privacy resources at "Awesome Privacy Engineering Tools" for more information on implementing better privacy practices in development.
Support the show
4.6
2828 ratings
Send us a text
Several popular Chrome extensions, including privacy and security tools, have been found leaking sensitive data through unencrypted HTTP and hard-coded credentials in their code. Security is both hard and easy - hard because of existing unencrypted protocols and trust placed in developers, but easy because fundamental security practices should be common knowledge in 2025.
• Chrome extensions including DualSafe Password Manager and Avast Online Security are leaking sensitive user data
• HTTP vs HTTPS - the 'S' stands for security and encrypts data transmission over the internet
• HTTPS Only extension from EFF forces secure connections when browsing
• Hard-coded credentials in extensions create permanent security vulnerabilities
• Developers sometimes collect excessive data "just in case" rather than minimizing collection
• OWASP (Open Web Application Security Project) provides essential resources for developers
• Technology abstraction makes users less aware of security fundamentals
• The newly restarted OWASP Nomad chapter offers virtual community for application security
Check out our GitHub repository of privacy resources at "Awesome Privacy Engineering Tools" for more information on implementing better privacy practices in development.
Support the show
4,350 Listeners
361 Listeners
1,006 Listeners
66 Listeners
312 Listeners
166 Listeners
314 Listeners
74 Listeners
1,080 Listeners
23 Listeners
127 Listeners
12 Listeners
12,918 Listeners
7 Listeners
2,285 Listeners