TIL: tls server offers different subsets of ciphers among those configured depending on key type (rsa/ecdsa)
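As an added illustration of that TIL (my own example, not the poster's): the script below takes a constructed cipher string of the kind an operator sets server-wide, expands it with OpenSSL via Python's `ssl` module, and partitions it into the suites a server holding an RSA certificate versus an ECDSA certificate can actually negotiate. Suites whose authentication is bound to the other key type stay in the configuration but are never offered; checking this before deployment avoids the surprise of a "configured" suite that clients never see.

```python
import ssl

# Constructed "configured" cipher string mixing ECDSA- and RSA-authenticated suites,
# the kind of list an operator might set server-wide without thinking about key type.
CONFIGURED = (
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256"
)


def configured_ciphers(cipher_string):
    """Expand an OpenSSL cipher string into the suites the library would enable for it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    return ctx.get_ciphers()


def _auth_of(cipher):
    # OpenSSL reports e.g. "auth-rsa", "auth-ecdsa", "auth-any"; normalise to "rsa"/"ecdsa"/"any".
    return (cipher.get("auth") or "").lower().replace("auth-", "")


def offered_for_key_type(cipher_string, key_type):
    """Suites a server holding a certificate of `key_type` ("RSA" or "ECDSA") can negotiate.

    Suites whose authentication is bound to the other key type are silently unusable:
    the server never offers them even though they are in its configured list.
    TLS 1.3 suites (auth "any") are usable with either key type.
    """
    wanted = key_type.lower()
    return [c["name"] for c in configured_ciphers(cipher_string) if _auth_of(c) in (wanted, "any")]


def unusable_for_key_type(cipher_string, key_type):
    """Configured suites that a server with this key type can never use."""
    usable = set(offered_for_key_type(cipher_string, key_type))
    return [c["name"] for c in configured_ciphers(cipher_string) if c["name"] not in usable]


if __name__ == "__main__":
    for kt in ("RSA", "ECDSA"):
        print(f"{kt} certificate -> offers {offered_for_key_type(CONFIGURED, kt)}")
        print(f"{kt} certificate -> cannot use {unusable_for_key_type(CONFIGURED, kt)}")
```

The split is decided by the `auth` field OpenSSL attaches to each suite, so the same function works for any cipher string; the practical consequence is that a server wanting both RSA and ECDSA suites offered needs both certificates installed, not just both suites configured.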

I just delivered a sql injection to a graphql endpoint* and my mind is quite blown atm 🤯

(*on a pentesterlabs exercise, not a real service!)

0xf00 boosted

Facebook Messenger still scans all messages, even with end-to-end encryption. Scanning is done locally on the device before text messages are sent and after received messages are decrypted.

Facebook privacy lol

forbes.com/sites/kalevleetaru/

mysql driver has an option to create the db upon connection if it doesn't exist already (as long as the user connecting has CREATE permissions), e.g.:
`jdbc:mysql://localhost:3306/someschema?createDatabaseIfNotExist=true`

0xf00 boosted

My colleague Kief Morris is curating the website "Infrastructure as Code", modeled after his book by the same name: infrastructure-as-code.com/

Also, he just made the source of the site, including all the useful information open source, so people can submit PRs and suggestions for improving the material: github.com/kief/infrastructure

I find it incredibly valuable, especially as a reference material. Have a read, improve it, let's all benefit from the aggregated knowledge!

I wonder if it's easy to write a fargate backend for garden now...

only after going through the pain of setting up a concourse cluster in fargate I realise that actually, it could never work as concourse needs privileged mode and fargate doesn't allow it 😭

"with great security comes great usability" -- security spiderman's uncle

quantum typing: when the waveform of your typing skill collapses when observed by your pair

I just rolled out my own test framework for infra tests in bash and it took 5 minutes and I have working tests and I'm not ashamed

0xf00 boosted

me: DevOps is good for your organization, your delivery and your culture
enterprise: We already do DevOps!
me: Oh cool, show me!
enterprise:

0xf00 boosted

Well, it finally happened to me: My very own creepy Facebook moment.

But I don't even use Facebook.

brainonfire.net/blog/2019/02/1

TL;DR: Facebook account I opened 8.5 years ago and never used receives "recommendation", out of the blue, to check out a small store I only just learned existed and started patronizing.

(That account: No phone number, no friends, no profile info, sort-of-fake name, dedicated email address. Me: No smartphone, didn't pay by credit card.)

0xf00 boosted

Server hardening–some people install arbitrary security software to "harden" their server.

Hardening is about removing/disabling functions, accounts, services etc., not about installing random packages.

Basic hardening tips:
– install a minimal operating system + firewall
– regularly update your OS
– remove/disable unused packages, interfaces, services
– secure and monitor your log files
– backups!

Tools like Lynis suggest more tips that need careful consideration.

#lynis #hardening #infosec
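One way to act on the "remove/disable unused services" tip is to inventory what is actually listening and compare it with what the host is meant to expose. The script below is an added example (not from the post or from Lynis) that parses constructed `ss -tlnpH`-style output, ignores loopback-only sockets, and flags anything listening on a non-loopback address that is not in an assumed allowlist; the allowlist and the sample output are both made up for illustration.

```python
import re

# Constructed sample in the shape of `ss -tlnpH` output (listening TCP sockets);
# not captured from a real host.
SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 127.0.0.1:3306 0.0.0.0:* users:(("mysqld",pid=1203,fd=21))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=1300,fd=6))
LISTEN 0 511 [::]:443 [::]:* users:(("nginx",pid=1300,fd=7))
LISTEN 0 128 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=400,fd=4))
"""

# Assumed allowlist: process name -> ports this host is meant to expose.
# Anything else bound to a non-loopback address is a candidate for removal or a firewall rule.
ALLOWED = {"sshd": {22}, "nginx": {80, 443}}

LOOPBACK = {"127.0.0.1", "[::1]", "::1"}

# State Recv-Q Send-Q Local:Port Peer:Port users:(("proc",pid=...,fd=...))
LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+users:\(\("(?P<proc>[^"]+)"'
)


def parse_listeners(ss_text):
    """Return (process, local address, port) for each LISTEN line; unparseable lines are skipped."""
    listeners = []
    for line in ss_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            listeners.append((m["proc"], m["addr"], int(m["port"])))
    return listeners


def audit(listeners, allowed):
    """Flag listeners exposed beyond loopback that are not in the allowlist."""
    findings = []
    for proc, addr, port in listeners:
        if addr in LOOPBACK:
            continue  # reachable only locally; not part of the exposed surface
        if port not in allowed.get(proc, set()):
            findings.append(f"{proc} listening on {addr}:{port} is not allowlisted: disable it or firewall it")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_listeners(SS_OUTPUT), ALLOWED):
        print(finding)
```

Run against real output by piping `ss -tlnpH` into `parse_listeners`; the point of the allowlist is that it forces you to write down what the server is for, which is the question hardening actually asks.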

0xf00 boosted

guess which all-powerful tech monopoly is breaking ublock origin (and umatrix, and likely many other similar add-ons, such as noscript) in their browser, which happens to be the most popular browser in the world?

bugs.chromium.org/p/chromium/i

who could have foreseen this? who would ever think that an advertising company's web browser would end up breaking compatibility with an ad blocker? frankly i'm shocked

0xf00 boosted

day of rabbitholes based on confusing output and mistaken assumptions
but I got spotbugs+findsecbugs pipelines working!

I hacked a smart contract for a challenge and now I feel super cool 😎 ropsten.etherscan.io/tx/0xcfed
even though it's actually a very basic attack, turns out

Toot.ThoughtWorks

This instance is running on ThoughtWorks infrastructure to allow its employees to create an account and interact with the rest of the Fediverse.