Gonçalo Valério @dethos@s.ovalerio.net
Admin
Full-stack developer, advocate of a free, secure and safe Internet. Nature lover and sports enthusiast.
[Header photo by Colin Watts, source Unsplash]
Joined Apr 2017
Gonçalo Valério
boosted
It’s Global Encryption Day, and we’re proud to stand with dozens of other organizations that are calling on governments and the private sector to reject efforts to undermine encryption. https://www.eff.org/deeplinks/2021/10/global-encryption-day-lets-stand-privacy-and-security
"A Scientific Notation Bug in MySQL left AWS WAF Clients Vulnerable to SQL Injection"
"AWS WAF's Dangerous Defaults"
"Composability is the only game in town – Roam, shipping containers, Lego and Twitter."
"Bypassing required reviews using GitHub Actions"
https://medium.com/cider-sec/bypassing-required-reviews-using-github-actions-6e1b29135cc7
Fixes for 2 "HTTP Request Smuggling" vulnerabilities on Node.js were released a few moments ago:
Gonçalo Valério
boosted
Study reveals scale of data-sharing from Android mobile phones:
Even when minimally configured and the handset is idle, with the notable exception of e/OS, these vendor-customized Android variants transmit substantial amounts of information to the OS developer and to third parties such as Google, Microsoft, LinkedIn, and Facebook that have pre-installed system apps. There is no opt-out from this data collection.
I happen to be using /e/ OS for the last ~2 years on all my #android phones and quite pleased to read it.
"Why Authorization is Hard"
Gonçalo Valério
boosted
Remember our toot about Nextcloud synchronisation? 🎉 Seems we have a winner!
🔄 With the merging of https://github.com/AntennaPod/AntennaPod/pull/5243#issuecomment-937046643 it will be possible to sync AntennaPod with a gPodder 'server' in your own Nextcloud instance.
Will be available in AntennaPod 2.5!
"... iPhones aren't as private as you think"
"Using 1Password's `op` CLI tool exposes your secrets to other users on your system."
"fail2ban – Remote Code Execution" (CVE-2021-32749)
https://research.securitum.com/fail2ban-remote-code-execution/
Gonçalo Valério
boosted
Uhm... I think #NSA and #CIA deployed #PiHole:
"""
"The IC has implemented network-based ad-blocking technologies and uses information from several layers, including Domain Name System information, to block unwanted and malicious advertising content," the CIO recently told Wyden's office, according to the letter.
"""
https://www.vice.com/en/article/93ypke/the-nsa-and-cia-use-ad-blockers-because-online-advertising-is-so-dangerous
"How (and Why) to Use AppRole Correctly in HashiCorp Vault"
https://www.hashicorp.com/blog/how-and-why-to-use-approle-correctly-in-hashicorp-vault
"Remove the auth header and you are root!"
https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution
Gonçalo Valério
boosted
⚠️ IMPORTANT: Users of Element Desktop/Web/Android, FluffyChat & Nheko should upgrade immediately to address a critical encryption vulnerability.
We are not aware of this being exploited in the wild yet, but as the bug is now disclosed please upgrade now. https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing
"SSH Lateral Movement Cheat Sheet"
https://highon.coffee/blog/ssh-lateral-movement-cheat-sheet/
"Email Authenticity 101: DKIM, DMARC, and SPF"
https://www.alexblackie.com/articles/email-authenticity-dkim-spf-dmarc/
Admin
Full-stack developer, advocate of a free, secure and safe Internet. Nature lover and sports enthusiast.
[Header photo by Colin Watts, source Unsplash]
Joined Apr 2017
