What can I say? And there is the possibility that not even your text editor will tell you that those characters are there.
Nice intro to the steps that a penetration test goes through and some of the tools that could be used.
RSS is still an important and very useful part of the open web, as this Wired piece reminds its readers:
For those developing websites and "apps" using Django, it's easy to add support for RSS. You can check a recent blog post where I describe the steps here:
Design or decoration?
Designers, developers, engineers… are you building tools that just empower people or shiny, addictive traps that farm them? Are you part of the problem or the solution?
(And, more importantly, what kind of world do you want to live in and are you contributing towards that?)
Developing or auditing smart-contracts for the Ethereum blockchain? Here is a set of tools that might make your life easier and your contracts safer.
An example of the amount of data that Facebook collects about users:
Similar/related experiences on the HN discussion: https://news.ycombinator.com/item?id=16656604
Note: Other companies might do the same; this is just an example.
Adversarial simulation 🤔
Are you working on a SaaS project/company? Please take a look at the following security checklist:
It might prevent future regrets.
Nice intro about how to check for newly inserted data on the IPFS network, using its Rust crate:
Some important aspects to take into account when building/working with a distributed team:
Awesome reference for common Django "admin" configurations:
Not sure what is more shocking:
A CA having 23k private keys of their customers' certs and the CEO emailing them: http://blog.koehntopp.info/index.php/3075-how-not-to-run-a-ca/
A CA having a website which allows RCE as root, from a website input: https://arstechnica.com/information-technology/2018/03/trustico-website-goes-dark-after-someone-drops-critical-flaw-on-twitter/
I'm just speechless.
"Smart-contracts", a new topic with its own security considerations.
Always important to save some time to gradually fix and improve what has already been done.
Nice post explaining the usage of async code in Python (asyncio) in practice, without diving into deeper implementation details.