Security Roundup - 2016-01-20
For those more interested in malware.
Essentially, on the server end trust nothing clients send to you. Anything you expose can and probably will be abused.
Attempting to expand the PGP Web Of Trust model to other things. Currently working on ssh trust, where admins sign public keys so users can check, rather than just blindly accepting server fingerprints.
Did you know that with new browser extensions, people can learns what your internal IP address is? Try it pre/post VPN connection!
Third party code for a specific blockchain currency contained an IRC backdoor, eventually allowing for in the ability to steal from other wallets. Cryptsy apparently knew this for a while, and has only disclosed recently. Someone pointed out this backdoor in march of last year on Github.