Gonçalo Valério @dethos@s.ovalerio.net
- Github
- https://github.com/dethos
- Website
- https://ovalerio.net
Admin
Full-stack developer, advocate of a free, secure and safe Internet. Nature lover and sports enthusiast.
[Header photo by Colin Watts, source Unsplash]
Joined Apr 2017
Incident Report: Employee and Customer Account Compromise - August 4, 2022
https://www.twilio.com/blog/august-2022-social-engineering-attack
"To Uncover a Deepfake Video Call, Ask the Caller to Turn Sideways"
https://metaphysic.ai/to-uncover-a-deepfake-video-call-ask-the-caller-to-turn-sideways/
Gonçalo Valério
boosted
"Abusing the Replicator: Silently Exfiltrating Data with the AWS S3 Replication Service"
"Use One Big Server"
https://specbranch.com/posts/one-big-server/
Interesting discussion here: https://news.ycombinator.com/item?id=32319147
* "The Illustrated TLS 1.3 Connection": https://tls13.xargs.org/
* "The Illustrated DTLS Connection": https://dtls.xargs.org/
Gonçalo Valério
boosted
Dpaste now has a '.well-known/security.txt' file to aid in reporting of any discovered vulnerabilities. https://securitytxt.org/
"The dangers of Microsoft Pluton"
https://gabrielsieben.tech/2022/07/25/the-power-of-microsoft-pluton-2/
"Vodafone & Deutsche Telekom to introduce persistent user tracking"
https://blog.simpleanalytics.com/vodafone-deutsche-telekom-to-introduce-persistent-user-tracking
Gonçalo Valério
boosted
Roberta Arcoverde, Director at Stack Overflow, previously a staff engineer and tech lead:
Stack Overflow platform:
* .. backed by just 9 servers,
* .. run on-prem from own data center (not cloud),
* .. team of 50 engineers (up from 10 in 2014),
* .. deployed as monolith in 4min multiple times daily,
* .. pragmatic, ignore trends like k8s and microservices.
> Giving SQL 1.5 TB of RAM was more effective than caching page fragments in Redis.
https://hanselminutes.com/847/engineering-stack-overflow-with-roberta-arcoverde
"Twitter data breach exposes contact details for 5.4M accounts"
Gonçalo Valério
boosted
Hardcoded password in Confluence app has been leaked on Twitter
Link: https://arstechnica.com/information-technology/2022/07/atlassian-warns-hardcoded-password-flaw-is-likely-to-be-exploited-in-the-wild/
Discussion: https://news.ycombinator.com/item?id=32195700
Gonçalo Valério
boosted
Dutch schools must stop using Google's email and cloud services due to privacy concerns. To protect pupil's privacy, we recommend schools to switch to Tutanota, your privacy-first email service, made in Europe. 😉
https://tutanota.com/blog/posts/dutch-schools-must-stop-using-google-email-and-cloud-services
Gonçalo Valério
boosted
RT @RandoriSec
Heap buffer overflow within the Netfilter subsystem of the Linux kernel (CVE-2022-34918).
ps: @metasploit module coming soon.
Another clever hack that could be used for fingerprinting.
https://www.ctrl.blog/entry/teamviewer-font-privacy.html
This comment explain the purpose: https://news.ycombinator.com/item?id=32165103
however as a user I don't really feel comfortable if any software I end up installing uses it.
"Log4j vulnerabilities remain 'endemic', says US DHS"
https://www.itnews.com.au/news/log4j-vulnerabilities-remain-endemic-says-us-dhs-582768
"20 years of payment processing problems"
https://kaimi.io/en/2022/07/20-years-of-payment-processing-problems-en/
- Github
- https://github.com/dethos
- Website
- https://ovalerio.net
Admin
Full-stack developer, advocate of a free, secure and safe Internet. Nature lover and sports enthusiast.
[Header photo by Colin Watts, source Unsplash]
Joined Apr 2017
