"Traitor packages up a bunch of methods to exploit local misconfigurations and vulnerabilities (including most of GTFOBins) in order to pop a root shell."

"What happens if malicious code is uploaded to npm under these names? Is it possible that some of PayPal’s internal projects will start defaulting to the new public packages instead of the private ones?"

"For instance, the main culprit of Python dependency confusion appears to be the incorrect usage of an “insecure by design” command line argument called --extra-index-url."

"Why npm lockfiles can be a security blindspot for injecting malicious modules"

I would say this also applies to other languages and package managers.
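An added example, not code from any of the quoted articles, that ties the two package-manager points above together: it mimics how pip merges candidates from `--index-url` and every `--extra-index-url` so that the highest version wins regardless of which index served it, flags `extra-index-url` in pip configuration, and lists `package-lock.json` entries (lockfile v2/v3 `packages` layout, an assumption) whose resolved tarball is not on the expected registry. All inputs are constructed samples with placeholder hosts.

```python
"""Audit helpers for dependency confusion and lockfile registry drift (constructed example)."""
import json
import re
from urllib.parse import urlparse

# Constructed candidate lists: an internal index and the public index both
# serve a package of the same name; only simple numeric versions are assumed.
CANDIDATES = {
    "https://pypi.example-corp.internal/simple": ["1.2.3", "1.2.4"],
    "https://pypi.org/simple": ["99.0.0"],
}

PIP_CONF = """[global]
index-url = https://pypi.example-corp.internal/simple
extra-index-url = https://pypi.org/simple
"""

# Constructed lockfile: one entry resolved from an unexpected host.
LOCKFILE = json.dumps({
    "name": "app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "app"},
        "node_modules/example-lib": {"version": "1.0.0",
            "resolved": "https://registry.npmjs.org/example-lib/-/example-lib-1.0.0.tgz"},
        "node_modules/corp-utils": {"version": "2.1.0",
            "resolved": "https://untrusted.example/corp-utils-2.1.0.tgz"},
    },
})


def resolve_like_pip(index_candidates):
    """Model pip's behaviour: every index is an equal source of candidates,
    and the highest version wins, so a public 99.0.0 beats an internal 1.2.4."""
    merged = []
    for index, versions in index_candidates.items():
        merged.extend((tuple(int(p) for p in v.split(".")), v, index) for v in versions)
    _, version, index = max(merged)
    return version, index


def find_extra_index_urls(config_text):
    """Flag --extra-index-url (requirements.txt / CLI) and extra-index-url (pip.conf)."""
    pattern = re.compile(r"^\s*(?:--)?extra-index-url\s*=?\s*(\S+)", re.M)
    return pattern.findall(config_text)


def lockfile_foreign_registries(lock_text, allowed_host):
    """Return (entry, url) for lockfile packages resolved outside allowed_host."""
    lock = json.loads(lock_text)
    bad = []
    for name, meta in lock.get("packages", {}).items():
        resolved = meta.get("resolved")
        if resolved and urlparse(resolved).hostname != allowed_host:
            bad.append((name or "(root)", resolved))
    return bad
```

The pip fix this models is to point a single `--index-url` at an internal proxy that mirrors public packages, rather than listing the public index as an extra; for npm, review any `resolved` host change in lockfile diffs.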

"As an interim solution to help people in Iran get connected again, we’ve added support in Signal for a simple TLS proxy that is easy to set up, can be used to bypass the network block, and will securely route traffic to the Signal service."

"Growth, where it no longer serves a purpose beyond the accumulation of more growth — in the form of investors’ returns, company coffers and the personal wealth of founders — is worshipped. And the cost is astronomical."

They were so busy asking “will it scale?” they forgot to ask “does it need to scale?”

Element on Google Play Store -

> We submitted an appeal asking for clarification at 23:18, and at 05:31 received an update from the Google Play Policy team citing that the app has been removed due to content which contravenes their terms of use, and asking us to “make the necessary changes to [our] app” and “upload a new app using a new package name and a new app name”

"... bought the domain name used in the NS delegations for the ccTLD of the Democratic Republic of Congo (.cd) and temporarily took over 50% of all DNS traffic for the TLD ..."
