Gonçalo Valério @dethos@s.ovalerio.net
Admin
Full-stack developer, advocate of a free, secure and safe Internet. Nature lover and sports enthusiast.
Joined Apr 2017
Gonçalo Valério
boosted
"GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services"
"Optimizing Your Web App 100x is Like Adding 99 Servers"
"NAT Slipstreaming allows an attacker to remotely access any TCP/UDP service bound to a victim machine, bypassing the victim's NAT/firewall (arbitrary firewall pinhole control), just by the victim visiting a website."
"How to get root on Ubuntu 20.04 by pretending nobody’s /home"
https://securitylab.github.com/research/Ubuntu-gdm3-accountsservice-LPE
"Git LFS (git-lfs) - Remote Code Execution (RCE)"
"A Practical Introduction to Container Security"
https://cloudberry.engineering/article/practical-introduction-container-security/
"Is a billion-dollar worth of server lying on the ground?"
https://cerebralab.com/Is_a_billion-dollar_worth_of_server_lying_on_the_ground
🤔
"Scaling Yourself" ...
"Security hardening for GitHub Actions"
Gonçalo Valério
boosted
Regarding #youtubedl situation, I strongly recommend watching Good Copy Bad Copy:
https://en.wikipedia.org/wiki/Good_Copy_Bad_Copy
You can watch it on #PeerTube thanks to @documentaries here:
https://peertube.nomagic.uk/videos/watch/20b07947-85e8-4d50-a42b-796810193c8a
Or just torrent it, as the GCBC creators suggest themselves.
One of the best moments is when an MPAA chief talks about how people won't share things for free, and you watch it in a film explicitly made to be shared on a FLOSS operating system using VLC.
We need #copyreform.
"The Surprising Impact of Medium-Size Texts on PostgreSQL Performance"
"GitHub Gist - Account takeover via open redirect"
https://devcraft.io/2020/10/19/github-gist-account-takeover.html
"The Zerologon vulnerability has been reported to affect some versions of QTS.
If exploited, this elevation of privilege vulnerability allows remote attackers to bypass security measures via a compromised QTS device on the network. The NAS may be exposed to this vulnerability if users have configured the device as a domain controller..."
"Chrome exempts Google sites from user site data settings"
https://lapcatsoftware.com/articles/chrome-google.html
Is anyone surprised?
"Not all attacks are equal: understanding and preventing DoS in web applications"
https://jacobian.org/2020/sep/11/analyzing-dos-vulnerabilities/
"Introduction to HashiCorp Boundary"
https://www.youtube.com/watch?v=tUMe7EsXYBQ
Interesting, looking forward to see how it evolves.
Admin
Full-stack developer, advocate of a free, secure and safe Internet. Nature lover and sports enthusiast.
Joined Apr 2017
