"Don’t trust the locals: investigating the prevalence of persistent client-side cross-site scripting in the wild"

Always sanitize content fetched from localStorage before injecting it into any page.
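An added example of the pattern the paper investigates (not code from the paper or this post): the same stored value rendered once unsanitized and once treated as untrusted input. The `fakeLocalStorage` stand-in and the `displayName` key are assumptions so it runs in Node without a DOM.

```javascript
// Added example: a minimal localStorage stand-in so this runs in Node (no DOM).
const backing = new Map();
const fakeLocalStorage = {
  getItem: (k) => (backing.has(k) ? backing.get(k) : null),
  setItem: (k, v) => backing.set(k, String(v)),
};

// Vulnerable pattern: the stored value goes straight into markup. Anything that
// can write to this origin's localStorage (an earlier reflected XSS, a browser
// extension, another script on the origin) gets code execution on every load,
// which is what makes this flavour of XSS persistent.
function renderNameUnsafe(store) {
  const name = store.getItem("displayName") || "guest";
  return `<span class="name">${name}</span>`; // imagine: el.innerHTML = ...
}

// Escape the characters that change meaning in HTML text/attribute context.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened pattern: treat storage like any other untrusted input. Validate
// against an allow-list, fall back to a default, and escape anyway
// (defence in depth; or use textContent instead of innerHTML in a real DOM).
function renderNameSafe(store) {
  const raw = store.getItem("displayName");
  const valid = typeof raw === "string" && /^[\w .-]{1,32}$/.test(raw);
  const name = valid ? raw : "guest";
  return `<span class="name">${escapeHtml(name)}</span>`;
}

// Constructed scenario: a poisoned value is already sitting in storage.
function demo() {
  fakeLocalStorage.setItem("displayName", '<script>alert("xss")</script>');
  return {
    unsafe: renderNameUnsafe(fakeLocalStorage),
    safe: renderNameSafe(fakeLocalStorage),
  };
}
```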

The next-generation WiFi security protocol is already broken. Devices making use of it haven’t even been released yet.

Mozilla plans to enable the FIDO U2F API for all Firefox users since U2F is more widespread than WebAuthn at the moment:

– WebAuthn has been an official W3C Recommendation for one month and offers more secure authentication
– FIDO U2F (Universal 2nd Factor) offers secure second factor authentication and is roughly the predecessor of WebAuthn
– Firefox 60 brings support for WebAuthn

#webauthn #u2f #firefox #authentication #infosec #cybersecurity #security

"Malicious remote code execution backdoor discovered in the popular bootstrap-sass Ruby gem"

A project's dependencies are an important attack vector.

"Discovering a zero day and getting code execution on Mozilla's AWS Network"

The issue was in the webpagetest project, but it was a nice read nevertheless.

"Gearbest Hack: Hundreds of Thousands Affected Daily by Huge Data Breach"

I always knew that many of the privacy policies we see on websites are just boilerplate and complete BS.

Some recently disclosed vulnerabilities Rails developers should be aware of:

- Denial of Service Vulnerability in Action View
- File Content Disclosure in Action View
- Possible Remote Code Execution Exploit in Rails Development Mode

Upgrade your apps.

"Why is no one signing their emails?"

Good point. We should push for this to be more common.

