Gonçalo Valério @dethos@s.ovalerio.net
- Github
- https://github.com/dethos
- Keybase
- https://keybase.io/dethos
Admin
Full-stack developer, advocate of a free, secure and safe Internet. Nature lover and sports enthusiast. https://ovalerio.net
Joined Apr 2017
"Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years"
😱
An example of the File Content Disclosure one:
https://twitter.com/iblueconnection/status/1107702203349979136
"Four Wikipedias to ‘black out’ over EU Copyright Directive"
https://wikimediafoundation.org/2019/03/20/four-wikipedias-to-black-out-over-eu-copyright-directive/
I think all of them should have participated in the protest
"Discovering a zero day and getting code execution on Mozilla's AWS Network"
https://blog.assetnote.io/bug-bounty/2019/03/19/rce-on-mozilla-zero-day-webpagetest/
The issue was on the webpagetest project but it was a nice read nevertheless.
Gonçalo Valério
boosted
130 EU businesses sign open letter against Copyright directive Art. 11 & 13 https://nextcloud.com/blog/130-eu-businesses-sign-open-letter-against-copyright-directive-art-11-13/ #nextcloud #pressrelease #blog #news
"Gearbest Hack: Hundreds of Thousands Affected Daily by Huge Data Breach"
https://www.vpnmentor.com/blog/gearbest-hack/
Always knew that a large amount of these privacy policies we see on many websites are just boilerplate and complete BS.
Some recently disclosed vulnerabilities rails developers should be aware of:
- Denial of Service Vulnerability in Action View - https://seclists.org/oss-sec/2019/q1/177
- File Content Disclosure in Action View - https://seclists.org/oss-sec/2019/q1/178
- Possible Remote Code Execution Exploit in Rails Development Mode - https://seclists.org/oss-sec/2019/q1/176
Upgrade your apps.
"Why is no one signing their emails?"
https://arp242.net/weblog/signing-emails.html
Good point. We should push for this to be more common.
Gonçalo Valério
boosted
As requested, I also uploaded it to PeerTube: https://peertube.social/videos/watch/d9bd2ee9-b7a4-44e3-8d65-61badd15c6e6
Gonçalo Valério
boosted
170 years of German publishers demanding special copyrights for the press because of new technology.
The snippet taxes of Article 11 will be used to enrich publishers at the expense of actual journalism.
Gonçalo Valério
boosted
Malware using Slack for C&C instead of IRC? That's new
https://www.csoonline.com/article/3359182/hackers-use-slack-to-hide-malware-communications.html
https://www.csoonline.com/article/3359182/hackers-use-slack-to-hide-malware-communications.html
Gonçalo Valério
boosted
The ACME Protocol is an IETF Standard https://letsencrypt.org/2019/03/11/acme-protocol-ietf-standard.html
"3 million vehicles can be unlocked remotely via trivially discovered web API vulnerability"
https://www.pentestpartners.com/security-blog/gone-in-six-seconds-exploiting-car-alarms/
"unhackable" is a very strong word.
Very interesting chat about "DevOps at Amazon":
Gonçalo Valério
boosted
"W3C approves #WebAuthn as the web standard for password-free logins"
Password Managers: Under the Hood of Secrets Management
https://www.securityevaluators.com/casestudies/password-manager-hacking/
It would be nice read a similar analysis for password managers that also run on Linux such as: keepassX, keepassXC, pass, etc.
#security #infosec #password-manager #passwords
"Incidents — Trends from the Trenches"
https://m.subbu.org/incidents-trends-from-the-trenches-e2f8497d52ed
An overview about the causes of production incidents
Gonçalo Valério
boosted
History is made: petition opposing the EU's #Article13 internet censorship plan draws more signatures than any petition in human history
https://boingboing.net/2019/03/05/no-filternets-nein.html
- Github
- https://github.com/dethos
- Keybase
- https://keybase.io/dethos
Admin
Full-stack developer, advocate of a free, secure and safe Internet. Nature lover and sports enthusiast. https://ovalerio.net
Joined Apr 2017
