To help everyone apply best practices, I wrote a NPM package to manage the communication with your secure iframes, as described in the article: totally-legit-secure-data-handler.
(comments)
U2F Zero
U2F Zero is a USB token that works with any service that supports U2F (more), like Google services. It works for 2 factor authentication or sometimes even password replacement. No drivers needed. Just plug it in and press a button.
Joinery
The ability to negotiate different ciphers dynamically is an own-goal.
Posture
If the Mossad wants your data, they’re going to use a drone to replace your cellphone with a piece of uranium that’s shaped like a cellphone, and when you die of tumors filled with tumors, they’re going to hold a press conference and say “It wasn’t us” as they wear t-shirts that say “IT WAS DEFINITELY US,” and then they’re going to buy all of your stuff at your estate sale so that they can directly look at the photos of your vacation instead of reading your insipid emails about them.
[Read More]
Embedded
Hospira Lifecare PCA infusion pump running “SW ver 412” does not require authentication for Telnet sessions, which allows remote attackers to gain root privileges via TCP port 23.
Understatement
Microsoft was notified on Oct 13, 2014.