Gonçalo Valério @dethos@s.ovalerio.net
Admin
Full-stack developer, advocate of a free, secure and safe Internet. Nature lover and sports enthusiast.
Joined Apr 2017
"XSSing Google Employees — Blind XSS on googleplex.com"
"Improve Serialization Performance in Django Rest Framework"
Gonçalo Valério
boosted
Mozilla published a new GPG key that will be used to sign the Firefox release manifests in future:
https://blog.mozilla.org/security/2019/06/13/updated-firefox-gpg-key/
The new GPG subkey’s fingerprint is 097B 3130 77AE 62A0 2F84 DA4D F1A6 668F BB7D 572E, and it expires 2021-05-29.
#mozilla #firefox #signing #infosec #security #cybersecurity
"Less capabilities, more security: minimizing privilege escalation in Docker"
https://pythonspeed.com/articles/root-capabilities-docker-security/
"Dataclasses and attrs: when and why"
https://www.revsys.com/tidbits/dataclasses-and-attrs-when-and-why/
Gonçalo Valério
boosted
The Story of FreedomBox (2019) - PeerTube on Mastodon.host
https://peertube.mastodon.host/videos/watch/cfdc2182-64c7-4749-9820-6308ed0cc319
#freedombox #decentralized #network #republica19 #privacy #security
Interesting article about new ways advertisers can use to fingerprint our devices:
"Disclosing TOR users' real IP address through 301 HTTP Redirect Cache Poisoning"
https://blog.duszynski.eu/tor-ip-disclosure-through-http-301-cache-poisoning/
🤔
Gonçalo Valério
boosted
Modern credential management – security tokens, password managers, and a simple spreadsheet:
https://infosec-handbook.eu/blog/modern-credential-management/
– there are no "secure" or "insecure" credentials as long as you don't define your own threat model
– use password managers to actually manage (not only store) passwords
– use a spreadsheet to keep track of the rest (SSH keys, GPG keys)
#credentials #password #management #infosec #security #cybersecurity #2fa #u2f #webauthn
An example of how your local/development webservers might be accessible to any website you visit.
http://http.jameshfisher.com/2019/05/26/i-can-see-your-local-web-servers/
Some git tips to make you more productive:
Interesting post summing up the experience of working remotely for 10 years.
https://blog.viktorpetersson.com/2019/05/18/a-decade-of-remote.html
"Stealing Downloads from Slack Users"
https://medium.com/tenable-techblog/stealing-downloads-from-slack-users-be6829a55f63
Understanding the MDS vulnerability: What it is, why it works and how to mitigate it
Wow
https://www.reddit.com/r/sysadmin/comments/bn38pp/oracle_wallet_master_key_lost/
More discussion here: https://news.ycombinator.com/item?id=19885627
As someone said:
> This once again reinforces the point that a backup is worthless if you haven't tested restore.
Nice post about some important HTTP headers:
https://www.twilio.com/blog/a-http-headers-for-the-responsible-developer
Local-first software - You own your data, in spite of the cloud
https://www.inkandswitch.com/local-first.html
🤔
Admin
Full-stack developer, advocate of a free, secure and safe Internet. Nature lover and sports enthusiast.
Joined Apr 2017
