Gonçalo Valério @dethos@s.ovalerio.net
- Github
- https://github.com/dethos
- Website
- https://ovalerio.net
Admin
Full-stack developer, advocate of a free, secure and safe Internet. Nature lover and sports enthusiast.
[Header photo by Colin Watts, source Unsplash]
Joined Apr 2017
Gonçalo Valério
boosted
Serious security vulnerability in Tails 5.0 due to security vulnerability in the JavaScript engine of Firefox and Tor Browser.
how it is affecting Tails:
https://tails.boum.org/security/prototype_pollution/
This vulnerability will be fixed in Tails 5.1 (May 31), but our team doesn't have the capacity to publish an emergency release earlier.
A warning about this security vulnerability is displayed during system start.
By that we make sure all Tails user are well informed.
Gonçalo Valério
boosted
RT @pypi
Incident report on malicious takeover of ctx package on PyPI has been published.
Read details, mitigation, analysis, and more at https://python-security.readthedocs.io/pypi-vuln/index-2022-05-24-ctx-domain-takeover.html
"The Justice Department Will No Longer Charge Security Researchers with Criminal Hacking"
"BPFDoor — an active Chinese global surveillance tool"
https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896
🤔
"How to Disable Ad ID Tracking on iOS and Android, and Why You Should Do It Now"
Gonçalo Valério
boosted
The EU Commission is planning automatic CSAM scanning of your private communication – or total surveillance in the name of child protection. But Europe is not China. Together we will fight for privacy! Sign the petition: https://aktion.campact.de/datenschutz/chatkontrolle-stoppen/teilnehmen
Read more: https://tutanota.com/blog/posts/eu-surveillance-csam
"Some top 100,000 websites collect everything you type—before you hit submit"
Not cool 🤨
"Faster, more memory-efficient Python JSON parsing with msgspec"
https://pythonspeed.com/articles/faster-python-json-parsing/
"... An attacker having permission to create non-temp objects in at least one schema could execute arbitrary SQL functions under a superuser identity."
Gonçalo Valério
boosted
The EU Commission is planning automatic CSAM scanning of your private communication – or total surveillance in the name of child protection. This would be the worst surveillance apparatus outside of China, and completely disproportionate. Affected would be all communication providers, also when operating outside of Europe. We must fight against this draft to protect our privacy! 💪💪💪
https://tutanota.com/blog/posts/eu-surveillance-csam/
"Along this journey, we found a few things. Command injection, container escapes, our Github tokens, Cloudflare’s Github tokens, Cloudflare API Keys to Cloudflare Organisation, and Cloudflare’s Azure API tokens amongst other things."
"Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so."
https://github.com/rubygems/rubygems.org/security/advisories/GHSA-hccv-rwq6-vh79
"Themes from Real World Crypto 2022"
https://blog.trailofbits.com/2022/05/03/themes-from-real-world-crypto-2022/
Those side channels ... crazy stuff...
"CVE-2022-21449: Psychic Signatures in Java"
https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/
Heroku's "breach" looks to be even worse than what was previously shared.
First Github integration, now passwords... whats next?
"Increasing the surface area of blogging"
https://tomcritchlow.com/2022/04/21/new-rss/
Some nice ideas. Perhaps I should implement some of them in https://github.com/dethos/worker-planet
Gonçalo Valério
boosted
"RFC 9116
A File Format to Aid in Security Vulnerability Disclosure"
https://www.rfc-editor.org/rfc/rfc9116
Seems it's official, the RFC for "securiy.txt" got published.
- Github
- https://github.com/dethos
- Website
- https://ovalerio.net
Admin
Full-stack developer, advocate of a free, secure and safe Internet. Nature lover and sports enthusiast.
[Header photo by Colin Watts, source Unsplash]
Joined Apr 2017
