Gonçalo Valério @dethos@s.ovalerio.net
Admin
Full-stack developer, advocate of a free, secure and safe Internet. Nature lover and sports enthusiast.
Joined Apr 2017
"Discovering Unsecured Firebase Databases"
https://goonsecurity.com/discovering-unsecured-firebase-databases/
"Firefox 79 includes protections against redirect tracking"
"Windows 10: HOSTS file blocking telemetry is now flagged as a risk"
🤷♂️
Small intro to XSS and details to take into consideration when developing websites using the Django Framework
https://tonybaloney.github.io/posts/xss-exploitation-in-django.html
"Zoom Security Exploit – Cracking private meeting passwords"
https://www.tomanthony.co.uk/blog/zoom-security-exploit-crack-private-meeting-passwords/
"New" security features added to recent versions of Chrome (and Firefox).
https://security.googleblog.com/2020/07/towards-native-security-defenses-for.html
"HTML sanitization bypass in Ruby Sanitize < 5.2.1"
https://research.securitum.com/html-sanitization-bypass-in-ruby-sanitize-5-2-1/
"Breach Exposed More Than One Million DNA Profiles On A Major Genealogy Database"
https://www.buzzfeednews.com/article/peteraldhous/hackers-gedmatch-dna-privacy
"Clipboard injection on the Financial Times"
Gonçalo Valério
boosted
KeePassXC for beginners – setup and basic usage:
https://infosec-handbook.eu/blog/keepassxc-password-management-basics/
In this tutorial for beginners, we set up and show a typical use case of KeePassXC, an open-source password manager.
#KeePassXC #PasswordManagement #Passwords #InfoSec #Security #cybersecurity
"The European Court of Justice has declared invalid one of the two legal methods companies use to transfer EU citizens' data to the United States."
Gonçalo Valério
boosted
"13% of my website visitors block Google Analytics"
https://markosaric.com/google-analytics-blocking/
The real value can be even bigger, since the other analytics tool, used in the comparison, could also have been blocked.
"Cultivate good ideas. But don't be in a rush to execute on all of them; let the bad ideas fall away. Wait until you feel the strong pull of the market; then start executing."
"django-two-factor-auth versions 1.11 and before store the user's password in clear text in the user session (base64-encoded)."
"Estonian Electronic Identity Card: Security Flaws in Key Management"
https://www.usenix.org/conference/usenixsecurity20/presentation/parsovs
Nice read
Gonçalo Valério
boosted
Malicious JavaScript in image metadata used to steal data; then, images are used again to exfiltrate data:
– Malware uses Exif metadata to inject JavaScript that steals data.
– Afterward, the data is exfiltrated as an image via GET/POST to another server.
– As a server admin, frequently update the server software, and monitor file integrity + network traffic. Moreover, set a strict Content Security Policy.
epidemiology 101 with nice playable simulations (related to covid-19)
"Fixers Know What ‘Repairable’ Means—Now There’s a Standard for It"
https://de.ifixit.com/News/35879/repairability-standard-en45554
👍
"Written communication is remote work super power"
Admin
Full-stack developer, advocate of a free, secure and safe Internet. Nature lover and sports enthusiast.
Joined Apr 2017
