
"Don’t trust the locals: investigating the prevalence of persistent client-side cross-site scripting in the wild"

blog.acolyer.org/2019/04/10/do

Always sanitize the content fetched from local storage before injecting it on any page.

The next-generation WiFi security protocol is already broken. Devices making use of it haven’t even been released yet. thehackernews.com/2019/04/wpa3

Mozilla plans to enable the FIDO U2F API for all Firefox users since U2F is more widespread than WebAuthn at the moment:

blog.mozilla.org/security/2019

– WebAuthn has been an official W3C Recommendation for one month and offers more secure authentication
– FIDO U2F (Universal 2nd Factor) offers secure second factor authentication and is roughly the predecessor of WebAuthn
– Firefox 60 brings support for WebAuthn

#webauthn #u2f #firefox #authentication #infosec #cybersecurity #security

"Malicious remote code execution backdoor discovered in the popular bootstrap-sass Ruby gem"

snyk.io/blog/malicious-remote-

A project's dependencies are an important attack vector.

"Discovering a zero day and getting code execution on Mozilla's AWS Network"

blog.assetnote.io/bug-bounty/2

The issue was on the webpagetest project but it was a nice read nevertheless.

"Gearbest Hack: Hundreds of Thousands Affected Daily by Huge Data Breach"

vpnmentor.com/blog/gearbest-ha

Always knew that a large number of these privacy policies we see on many websites are just boilerplate and complete BS.

Social feed

This is a personal and private instance.