"Attacking Cloud Containers Using SSRF"
The "hackerone" report is also worth reading.
"What can I use to encrypt my Linux filesystem?":
– LUKS/LVM supports full-disk encryption (and optionally 2FA)
– ext4 supports folder-based encryption
– eCryptFS/encfs are outdated/unmaintained
– GoCryptFS uses modern crypto but leaks metadata
– CryFS uses modern crypto and hides metadata but is slower than GoCryptFS
Thanks to Mr. Schumacher from Magdeburger Institut für Sicherheitsforschung
"abusing web browsers for persistent and stealthy computation"
Sure ... "unintentionally"...
The one you should use for now is: "uBlock Origin"
"The danger of exposing docker.sock":
"Don’t trust the locals: investigating the prevalence of persistent client-side cross-site scripting in the wild"
Always sanitize content fetched from local storage before injecting it into any page.
The next-generation WiFi security protocol is already broken. Devices making use of it haven’t even been released yet. https://thehackernews.com/2019/04/wpa3-hack-wifi-password.html
Nice post about how to distribute your Python app as a "snap".
Mozilla plans to enable the FIDO U2F API for all Firefox users since U2F is more widespread than WebAuthn at the moment:
– WebAuthn has been an official W3C Recommendation for one month and offers more secure authentication
– FIDO U2F (Universal 2nd Factor) offers secure second-factor authentication and is roughly the predecessor of WebAuthn
– Firefox 60 brings support for WebAuthn
"Malicious remote code execution backdoor discovered in the popular bootstrap-sass Ruby gem"
A project's dependencies are an important attack vector.
This must be a joke: Facebook asking users for their email password.
New LTS version of Django released. 👍 good stuff.
"Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years"
An example of the File Content Disclosure one:
"Four Wikipedias to ‘black out’ over EU Copyright Directive"
I think all of them should have participated in the protest.