Gonçalo Valério @dethos@s.ovalerio.net
Admin
Full-stack developer, advocate of a free, secure and safe Internet. Nature lover and sports enthusiast.
[Header photo by Colin Watts, source Unsplash]
Joined Apr 2017
"How (and Why) to Use AppRole Correctly in HashiCorp Vault"
https://www.hashicorp.com/blog/how-and-why-to-use-approle-correctly-in-hashicorp-vault
"Remove the auth header and you are root!"
https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution
Gonçalo Valério
boosted
⚠️ IMPORTANT: Users of Element Desktop/Web/Android, FluffyChat & Nheko should upgrade immediately to address a critical encryption vulnerability.
We are not aware of this being exploited in the wild yet, but as the bug is now disclosed please upgrade now. https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing
"SSH Lateral Movement Cheat Sheet"
https://highon.coffee/blog/ssh-lateral-movement-cheat-sheet/
"Email Authenticity 101: DKIM, DMARC, and SPF"
https://www.alexblackie.com/articles/email-authenticity-dkim-spf-dmarc/
"The All-Seeing "i": Apple Just Declared War on Your Privacy"
"Razer bug lets you become a Windows 10 admin by plugging in a mouse"
"Inside Figma: securing internal web apps"
https://www.figma.com/blog/inside-figma-securing-internal-web-apps/
"Protect domains that do not send email "
https://www.gov.uk/guidance/protect-domains-that-dont-send-email
"The EU decided to let providers search all private chats, messages, and emails automatically for suspicious content – generally and indiscriminately."
Gonçalo Valério
boosted
The wait is almost over!
0 A.D. Alpha 25 “Yaunã," will officially be released tomorrow, Sun 8th Aug 2021.
The release will be staggered through the course of the day and will be announced on http://play0ad.com
Good read about desync attacks that exploit http2 downgrades
"Snapcraft Packages Come With Extra Baggage"
Gonçalo Valério
boosted
"Probably Are Gonna Need It: Application Security Edition"
"The OAuth flow implemented in Mattermost server v5.32 > v5.36 is affected by a reflected XSS. An unauthenticated attacker might gain access to the victim’s session."
https://www.shielder.it/advisories/mattermost-server-reflected-xss-oauth/
"OpenSSH ssh-agent Shielded Private Key Extraction (x86_64 Linux)"
https://security.humanativaspa.it/openssh-ssh-agent-shielded-private-key-extraction-x86_64-linux/
Gonçalo Valério
boosted
Incredibly exciting to get official confirmation that Germany's health service (@gematik1@twitter.com) has standardised on Matrix for secure decentralised communications, targeting all 150,000 healthcare organisations in Germany(!!!) 🤯 Read all about it at https://matrix.org/blog/2021/07/21/germanys-national-healthcare-system-adopts-matrix 💉🇩🇪🚀
Admin
Full-stack developer, advocate of a free, secure and safe Internet. Nature lover and sports enthusiast.
[Header photo by Colin Watts, source Unsplash]
Joined Apr 2017
