Cool write up:
https://blog.scrt.ch/2018/08/24/remote-code-execution-on-a-facebook-server/
Always: DEBUG=False for any Django website exposed to the internet.
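As an added example (not from the linked write-up, and not Django's own code), this is a settings pattern that defaults DEBUG to off unless explicitly enabled, plus a small check that refuses a debug build with non-local ALLOWED_HOSTS. The environment variable name DJANGO_DEBUG and the helper names are my assumptions; the block runs without Django installed.

```python
# Added example: Django settings pattern with DEBUG off by default, plus a
# pre-deploy check. DJANGO_DEBUG and the helper names are assumed, not Django's.
import os


def env_flag(name, default="0"):
    """Parse an environment flag; only '1', 'true' or 'yes' (any case) mean on."""
    return os.environ.get(name, default).strip().lower() in {"1", "true", "yes"}


# DEBUG is False unless DJANGO_DEBUG=1 (or true/yes) is set explicitly.
DEBUG = env_flag("DJANGO_DEBUG")

# Hostnames that are acceptable for a debug build (assumed list).
LOCAL_HOSTS = {"localhost", "127.0.0.1", "[::1]"}


def production_issues(debug, allowed_hosts, secret_key):
    """Return a list of problems that must be fixed before exposing the site."""
    issues = []
    if debug and any(h not in LOCAL_HOSTS for h in allowed_hosts):
        issues.append(
            "DEBUG=True with non-local ALLOWED_HOSTS: error pages would leak "
            "tracebacks, settings and local variables to the internet"
        )
    if not debug and not allowed_hosts:
        issues.append(
            "ALLOWED_HOSTS is empty: with DEBUG=False Django rejects every request"
        )
    if len(secret_key) < 50 or secret_key.startswith("django-insecure-"):
        issues.append("SECRET_KEY looks like a short or startproject default key")
    return issues


if __name__ == "__main__":
    # Constructed sample values, not a real deployment.
    for problem in production_issues(DEBUG, ["example.com"], "a" * 60):
        print("settings problem:", problem)
```

Django ships its own version of this check as `python manage.py check --deploy`; the function above is only there to show the idea in isolation.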
Would also like to congratulate `migueldemoura` for the nice work.
Disclosure of (now fixed) vulnerabilities on the Portuguese tax entity website, that exposed all Portuguese citizens and companies to serious risk (account takeover).
This is an important service of the Government and it is a shame that such a high-profile website has so many basic security issues. Didn't they do any security audit? Why did it take 8 months to address this? 🤦♂️
EFF: Telling the Truth About Defects in Technology Should Never, Ever, Ever Be Illegal. EVER.
💯
"what can happen when a SSL certificate can outlive one of its domains' ownerships into the next"
After posting 718 articles to Read Rust, I've written up some insights on how people can help ensure their blog is readable, attributable, and discoverable.
http://www.wezm.net/technical/2018/08/anatomy-of-a-great-rust-blog/
Cases where setting "Content Security Policy" headers does not provide a great improvement.
Accessibility on the web should not be neglected
https://blog.logrocket.com/the-easiest-way-to-keep-your-web-apps-accessible-c2b57506cc2a
Note: the author should follow his own recommendations and change the code snippets to text instead of using images.
Handling users' passwords and credentials in 2018, one approach:
https://medium.com/@harwoeck/password-and-credential-management-in-2018-56f43669d588
Great news from the audit to OpenPGP.js:
https://protonmail.com/blog/openpgpjs-protonmail-security-audit/
As we heavily use it on #hawkpost (https://hawkpost.co), time to upgrade to the new version.
Some tips about working with celery on your python projects:
https://blog.daftcode.pl/working-with-asynchronous-celery-tasks-lessons-learned-32bb7495586b
That says something about cybersecurity, does it not? And not much good.
It's a real benefit of #opensource that you (and others) can inspect the code you run and know you've not been compromised by a single disgruntled employee at a vendor or distributor of your software.
Half of IT pros say it would be easy to turn to #cybercrime without getting caught, according to @TechRepublic. Explore their research: https://www.techrepubli…
https://twitter.com/F5NetworksME/status/1029253805915996160
How data is stored by Ethereum nodes, an overview:
https://hackernoon.com/getting-deep-into-ethereum-how-data-is-stored-in-ethereum-e3f669d96033
"...the vulnerabilities would allow an attacker to download footage off a camera, edit things out or potentially make more intricate modifications, and then re-upload it, leaving no indication of the change." https://www.wired.com/story/police-body-camera-vulnerabilities/
GPG Sync 0.2 is released! It's an open source tool to make it easier for every member of an organization to have up-to-date versions of every other member's PGP public keys.
This version looks way nicer, is more stable, and now has support for Windows.
Here is a list of security tips for #nodejs web developers:
https://medium.com/@nodepractices/were-under-attack-23-node-js-security-best-practices-e33c146cb87d
Every day that goes by, I give more and more value to good documentation.
Here is a good summary on how to do it with Python: