@dethos@s.ovalerio.net
@dethos@s.ovalerio.net avatar

dethos

@dethos@s.ovalerio.net

Full-stack developer with a special interest in cybersecurity.

Advocate of a free and safe Internet. Nature admirer and sports enthusiast.

[Header photo by Colin Watts, source Unsplash]

This profile is from a federated server and may be incomplete. Browse more on the original instance.

dethos, to security
@dethos@s.ovalerio.net avatar

"CVE-2024-4367 – Arbitrary JavaScript execution in PDF.js"

https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/

dethos, to security
@dethos@s.ovalerio.net avatar

"900 Sites, 125 million accounts, 1 vulnerability"

"""
TLDR:

  • Firebase allows for easy misconfiguration of security rules with zero warnings

  • This has resulted in hundreds of sites exposing a total of ~125 Million user records, including plaintext passwords & sensitive billing information
    """

https://env.fail/posts/firewreck-1/

dethos, to security
@dethos@s.ovalerio.net avatar

"How to secure APIs built with Django"

https://securityboulevard.com/2024/01/best-django-security-practices/

dethos, to security
@dethos@s.ovalerio.net avatar

"Passkeys - Threat modeling and implementation considerations"

https://slashid.com/blog/passkeys-security-implementation/

dethos, to python
@dethos@s.ovalerio.net avatar

"Happy birthday, Django accessibility team! 🌈"

"The team has been up and running for three years, and is now looking for new members."

https://www.djangoproject.com/weblog/2024/feb/10/django-accessibility-in-2023-and-beyond/

dethos, to security
@dethos@s.ovalerio.net avatar

"Don't Believe Your Eyes - A WhatsApp Clickjacking Vulnerability"

https://00xbyte.github.io/posts/Don%27t-Believe-Your-Eyes-A-WhatsApp-Clickjacking-Vulnerability/

dethos, to webdev
@dethos@s.ovalerio.net avatar

"... I accidently enabled HSTS–on localhost"

https://bartwullems.blogspot.com/2023/07/help-i-accidently-enabled-hstson.html

dethos,
@dethos@s.ovalerio.net avatar

@michael me too!

dethos, to security
@dethos@s.ovalerio.net avatar

"Critical RCE found in popular Ghostscript open-source PDF library"

https://www.bleepingcomputer.com/news/security/critical-rce-found-in-popular-ghostscript-open-source-pdf-library/

dethos, to security
@dethos@s.ovalerio.net avatar

"Firefox 115 can silently remotely disable (any) extension on any site"

https://lapcatsoftware.com/articles/2023/7/1.html

dethos,
@dethos@s.ovalerio.net avatar

@rysiek I know 🤯

dethos, to programming Portuguese
@dethos@s.ovalerio.net avatar

"Respawning Malware Persists on PyPI"

https://blog.phylum.io/respawning-malware-persists-on-pypi/

dethos, to infosec
@dethos@s.ovalerio.net avatar

"Toyota: Car location data of 2 million customers exposed for ten years"

https://www.bleepingcomputer.com/news/security/toyota-car-location-data-of-2-million-customers-exposed-for-ten-years/

dethos, to infosec
@dethos@s.ovalerio.net avatar

"Testing a new encrypted messaging app's extraordinary claims"

"There's no longer any real distinction between cleartext and encrypted messages – nothing is meaningfully encrypted. For your security, you shouldn't use Converso to send any message that you wouldn't also publish as a tweet."

https://crnkovic.dev/testing-converso/

dethos,
@dethos@s.ovalerio.net avatar

@0x58 Not my research 🙂, just thought it was a good article, worth sharing.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • megavids
  • kavyap
  • DreamBathrooms
  • cisconetworking
  • magazineikmin
  • InstantRegret
  • everett
  • thenastyranch
  • Youngstown
  • rosin
  • slotface
  • khanakhh
  • Durango
  • mdbf
  • JUstTest
  • ethstaker
  • anitta
  • modclub
  • osvaldo12
  • normalnudes
  • ngwrru68w68
  • GTA5RPClips
  • tacticalgear
  • provamag3
  • tester
  • Leos
  • cubers
  • lostlight
  • All magazines
    •