Gonçalo Valério @dethos@s.ovalerio.net
- Github
- https://github.com/dethos
- Keybase
- https://keybase.io/dethos
Admin
Full-stack developer, advocate of a free, secure and safe Internet. Nature lover and sports enthusiast. https://ovalerio.net
Joined Apr 2017
"Everything you should know about certificates and PKI but are too afraid to ask"
Gonçalo Valério
boosted
Was going to sign up for a Pinebook until I hit the ReCAPTCHA.
It is the height of irony to force people to make a surveillance capitalist smarter in order to order your “open source” laptop.
Gonçalo Valério
boosted
#GitLab Critical Security Release: 11.5.3, 11.4.10, 11.3.12 | GitLab
https://about.gitlab.com/2018/12/06/critical-security-release-gitlab-11-dot-5-dot-3-released/
!in !tw
Cool article about the whole infrastructure behind HTTPS and TLS:
https://robertheaton.com/2018/11/28/https-in-the-real-world/
Typically monocultures are bad and are approaching one on the web.
https://andregarzia.com/2018/12/while-we-blink-we-loose-the-web.html
"Remotely Hijacking Zoom Clients", a nice explanation of the vulnerability:
https://medium.com/tenable-techblog/remotely-exploiting-zoom-meetings-5a811342ba1d
Gonçalo Valério
boosted
event-stream: vulnerability in the npm package explained
https://schneid.io/blog/event-stream-vulnerability-explained/
#npm #exploit #eventstream #opensource #nodejs #javascript #infosec #cybersecurity #security
Gonçalo Valério
boosted
Gonçalo Valério
boosted
This is quite scary, beware.
Backdoor in event-stream library dependency - https://github.com/dominictarr/event-stream/issues/116
Plain-text passwords strike again. But at least this stuff is starting to get some attention and "companies" being fined.
https://www.theregister.co.uk/2018/11/23/knuddels_fined_for_plain_text_passwords/
List of web security issues and tricks that we should be aware of:
https://blog.georgovassilis.com/2016/04/16/advanced-web-security-topics/
Gonçalo Valério
boosted
Debunking 5 common web security and privacy myths:
https://infosec-handbook.eu/blog/web-security-myths/
– "external scanning of websites discovers all issues"
– "random HTTP response headers mean security"
– "HTTPS means security"
– "external content is bad"
– "JS/Cookies are bad"
Nice post showing how PostgreSQL's "PQExecParam" and "server-side prepared statements" can help you easily avoid SQL injections.
"What is best vs What looks best"
Gonçalo Valério
boosted
List and short introduction of 29 Docker security tools:
Gonçalo Valério
boosted
StefanKeller: Re MAPTCHA - ReMAPTCHA - A free, map-based anti-spam service that enhances OpenStreetMap
https://wiki.hsr.ch/StefanKeller/wiki.cgi?ReMAPTCHA
At last, some tools to stop working for free for Google and contribute to the commons while reducing spam!
Cool post about the complexities of doing proper crash reporting in python desktop applications:
https://blogs.dropbox.com/tech/2018/11/crash-reporting-in-desktop-python-applications/
- Github
- https://github.com/dethos
- Keybase
- https://keybase.io/dethos
Admin
Full-stack developer, advocate of a free, secure and safe Internet. Nature lover and sports enthusiast. https://ovalerio.net
Joined Apr 2017
