"The danger of exposing docker.sock":
"Don’t trust the locals: investigating the prevalence of persistent client-side cross-site scripting in the wild"
Always sanitize the content fetched for local-storage before injecting it on any page.
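As an added illustration of the point above (example code, not from the linked paper or the post): the localStorage-to-innerHTML pattern it warns about next to a hardened version. The storage and the target element are passed in as constructed stand-ins so the code runs under Node without a DOM.

```javascript
// Added example: reading a value from localStorage and rendering it.
// storage/element are injected so constructed fakes can replace
// window.localStorage and a real DOM element.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape text that is about to be placed into an HTML markup context.
function escapeHtml(str) {
  return String(str).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Vulnerable pattern: whatever sits in storage is parsed as HTML.
// Anything that managed to write to this origin's storage once (an earlier
// reflected XSS, another page on the same origin) keeps running on every load.
function renderGreetingUnsafe(storage, element) {
  const name = storage.getItem('displayName') || 'guest';
  element.innerHTML = '<p>Welcome back, ' + name + '</p>';
  return element.innerHTML;
}

// Hardened pattern: treat storage like any other untrusted input.
// Check type and length, then escape before the value reaches a markup sink.
function readDisplayName(storage) {
  const raw = storage.getItem('displayName');
  return typeof raw === 'string' && raw.length > 0 && raw.length <= 40 ? raw : 'guest';
}
function renderGreetingSafe(storage, element) {
  const name = readDisplayName(storage);
  element.innerHTML = '<p>Welcome back, ' + escapeHtml(name) + '</p>';
  return element.innerHTML;
}

// Constructed stand-ins for window.localStorage and a DOM element.
function fakeStorage(entries) {
  return {
    getItem: (k) => (Object.prototype.hasOwnProperty.call(entries, k) ? entries[k] : null),
  };
}
function fakeElement() {
  return { innerHTML: '' };
}

// Constructed sample: a stored value carrying a classic test payload.
const tainted = fakeStorage({ displayName: '<img src=x onerror=alert(1)>' });
console.log(renderGreetingUnsafe(tainted, fakeElement()));
console.log(renderGreetingSafe(tainted, fakeElement()));
```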
The next-generation WiFi security protocol is already broken. Devices making use of it haven’t even been released yet. https://thehackernews.com/2019/04/wpa3-hack-wifi-password.html
Nice post about how to distribute your python app as a "snap".
Mozilla plans to enable the FIDO U2F API for all Firefox users since U2F is more widespread than WebAuthn at the moment:
– WebAuthn has been an official W3C Recommendation for one month and offers more secure authentication
– FIDO U2F (Universal 2nd Factor) offers secure second factor authentication and is roughly the predecessor of WebAuthn
– Firefox 60 brings support for WebAuthn
"Malicious remote code execution backdoor discovered in the popular bootstrap-sass Ruby gem"
Project's dependencies are an important attack vector.
This must be a joke: Facebook asking users for their email password.
New LTS version of Django released. 👍 good stuff.
"Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years"
An example of the File Content Disclosure one:
"Four Wikipedias to ‘black out’ over EU Copyright Directive"
I think all of them should have participated in the protest.
"Discovering a zero day and getting code execution on Mozilla's AWS Network"
The issue was on the webpagetest project but it was a nice read nevertheless.
130 EU businesses sign open letter against Copyright directive Art. 11 & 13 https://nextcloud.com/blog/130-eu-businesses-sign-open-letter-against-copyright-directive-art-11-13/ #nextcloud #pressrelease #blog #news
Some recently disclosed vulnerabilities Rails developers should be aware of:
- Denial of Service Vulnerability in Action View - https://seclists.org/oss-sec/2019/q1/177
- File Content Disclosure in Action View - https://seclists.org/oss-sec/2019/q1/178
- Possible Remote Code Execution Exploit in Rails Development Mode - https://seclists.org/oss-sec/2019/q1/176
Upgrade your apps.
As requested, I also uploaded it to PeerTube: https://peertube.social/videos/watch/d9bd2ee9-b7a4-44e3-8d65-61badd15c6e6