Gonçalo Valério @dethos@s.ovalerio.net

"Allow arbitrary URLs, expect arbitrary code execution"

https://positive.security/blog/url-open-rce

#security #infosec

"we learned that someone had gained unauthorized access to our Bash Uploader script and modified it without our permission."

https://about.codecov.io/security-update/

#security

"Remote exploitation of a man-in-the-disk vulnerability in WhatsApp"

https://census-labs.com/news/2021/04/14/whatsapp-mitd-remote-exploitation-CVE-2021-24027/

#security #infosec #android #whatsapp

"Man in the Terminal"

https://posts.specterops.io/man-in-the-terminal-65476e6165b9

#security #infosec

"uBlock Origin works best on Firefox"

https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-best-on-Firefox

#firefox #ublock #ublockorigin #privacy

"Tools Are Bought, Transformations Are Sold"

https://www.onstartups.com/startups-tools-are-bought-transformations-are-sold

#business #startups #marketing

"I Built a TV That Plays All of Your Private YouTube Videos"

https://bugs.xdavidhu.me/google/2021/04/05/i-built-a-tv-that-plays-all-of-your-private-youtube-videos/

#security #infosec #youtube

Python 3.9.3 and 3.8.9 are now available

(Security update)

https://pythoninsider.blogspot.com/2021/04/python-393-and-389-are-now-available.html

#python #security

"H2C Smuggling in the Wild"

https://blog.assetnote.io/2021/03/18/h2c-smuggling/

#security #infosec #http

"Hidden OAuth attack vectors"

https://portswigger.net/research/hidden-oauth-attack-vectors

#security #oauth

> Whistleblower: Ubiquiti Breach “Catastrophic”

https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catastrophic/

#security #infosec

"netmask” npm package, used by 270,000+ projects, vulnerable to octal input data"

https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918/

#security #infosec #javascript #nodejs

"Determining Key Shape from Sound"

https://www.schneier.com/blog/archives/2021/03/determining-key-shape-from-sound.html

#security #physicalsecurity

"Middleware, middleware everywhere - and lots of misconfigurations to fix"

https://labs.detectify.com/2021/02/18/middleware-middleware-everywhere-and-lots-of-misconfigurations-to-fix/

#security #nginx

"This document formally deprecates Transport Layer Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC 4346). Accordingly, those documents have been moved to Historic status."

https://datatracker.ietf.org/doc/rfc8996/

#security #infosec #tls

"Don't End The Week With Nothing"

https://training.kalzumeus.com/newsletters/archive/do-not-end-the-week-with-nothing

#productivity #work #sideprojects

After almost 2 weeks of down time, my instance is online again.

https://blog.ovalerio.net/archives/2177

🤷‍♂️