Gonçalo Valério @dethos@s.ovalerio.net

"What is the Value of Browser Diversity?"

https://daverupert.com/2020/09/the-value-of-browser-diversity/

#web

vulnerability "that could be exploited by a remote attacker to crash and corrupt any uTorrent instance connected to the internet."

https://blog.whtaguy.com/2020/09/utorrent-cve-2020-8437-vulnerability.html

#security #netsec

"Online Casino Roulette – A guideline for penetration testers and security researchers"

https://research.nccgroup.com/2020/09/18/online-casino-roulette-a-guideline-for-penetration-testers-and-security-researchers/

#security

TIL https://publicsuffix.org/learn/

"By knowing where the user-controlled section of the domain name begins and ends, browsers can group cookies and history entries by site in a way that couldn't easily be done before."

What is the piece of software (app) you have used continuously for the longest period of time?

https://blog.ovalerio.net/archives/2021

"The surprising traits of good remote leaders"

https://www.bbc.com/worklife/article/20200827-why-in-person-leaders-may-not-be-the-best-virtual-ones

"The problem is that no one taught us to understand. Instead, we are pushed to simply to memorize. To be educated enough to do well on the test, and then to forget what we were taught, because we never actually learned it."

https://seths.blog/2020/09/self-directed-project-based-learning/

"h2c Smuggling: Request Smuggling Via HTTP/2 Cleartext"

https://labs.bishopfox.com/tech-blog/h2c-smuggling-request-smuggling-via-http/2-cleartext-h2c

#security #http #infosec

"When To Use Microservices (And When Not To!)"

https://www.youtube.com/watch?v=GBTdnfD6s5Q

#programming #microservices

"GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version."

https://nvd.nist.gov/vuln/detail/CVE-2020-25125

#security #infosec #gpg #gnupg #gpg4win

"Starting September 1st, 2020, Apple Safari, Google Chrome and Mozilla Firefox will stop recognizing newly generated certificates with validity period more than 398 days."

https://medium.com/@0snet/maximum-validity-of-tls-certificates-is-now-398-days-93e340ff9d48

#security #infosec #tls #browsers

"it appears medium logs all analytics pings into HTML5 LocalStorage and will keep retrying to send them (and apparently periodically change domains and subdomains to try and send them)"

https://news.ycombinator.com/item?id=24310778

There are better solutions for a blog.

#privacy #medium

"WebBundles Harmful to Content Blocking, Security Tools, and the Open Web"

https://brave.com/webbundles-harmful-to-content-blocking-security-tools-and-the-open-web/

🤔

#security #web #webdev #webbundles

"The Internet is for End Users"

https://www.mnot.net/blog/2020/08/28/for_the_users

"Scrollbar Blindness"

https://svenkadak.com/blog/scrollbar-blindness

#webdev