I just delivered a sql injection to a graphql endpoint* and my mind is quite blown atm 🤯
(*on a pentesterlabs exercise, not a real service!)
0xf00
boosted
Facebook Messenger still scans all messages, even with end-to-end encryption. Scanning is done locally on the device before text messages are sent and after received messages are decrypted.
Facebook privacy lol
#til: mysql driver has an option to create the db upon connection if doesn't exist already (as long as the user connecting has CREATE permissions), e.g.:
`jdbc:mysql://localhost:3306/someschema?createDatabaseIfNotExist=true`
0xf00
boosted
My colleague Kief Morris is curating the website "Infrastructure as Code", modeled after his book by the same name: https://infrastructure-as-code.com/
Also, he just made the source of the site, including all the useful information open source, so people can submit PRs and suggestions for improving the material: https://github.com/kief/infrastructure-as-code.com
I find it incredibly valuable, especially as a reference material. Have a read, improve it, let's all benefit from the aggregated knowledge!
I wonder if it's easy to write a fargate backend for garden now...
only after going through the pain of setting up a concourse cluster in fargate I realise that actually, it could never work as concourse needs privileged mode and fargate doesn't allow it 😭
0xf00
boosted
'Dear Tech Company'
https://www.dearbigtech.org/
"with great security comes great usability" -- security spiderman's uncle
quantum typing: when the waveform of your typing skill collapses when observed by your pair
I just rolled out my own test framework for infra tests in bash and it took 5 minutes and I have working tests and I'm not ashamed
0xf00
boosted
me: DevOps is good for your organization, your delivery and your culture
enterprise: We already do DevOps!
me: Oh cool, show me!
enterprise:
0xf00
boosted
Well, it finally happened to me: My very own creepy Facebook moment.
But I don't even use Facebook.
https://www.brainonfire.net/blog/2019/02/17/my-own-creepy-facebook-surveillance-moment/
TL;DR: Facebook account I opened 8.5 years ago and never used receives "recommendation", out of the blue, to check out a small store I only just learned existed and started patronizing.
(That account: No phone number, no friends, no profile info, sort-of-fake name, dedicated email address. Me: No smartphone, didn't pay by credit card.)
0xf00
boosted
Server hardening–some people install arbitrary security software to "harden" their server.
Hardening is about removing/disabling functions, accounts, services etc., not about installing random packages.
Basic hardening tips:
– install a minimal operating system + firewall
– regularly update your OS
– remove/disable unused packages, interfaces, services
– secure and monitor your log files
– backups!
Tools like Lynis suggest more tips that need careful consideration.
0xf00
boosted
guess which all-powerful tech monopoly is breaking ublock origin (and umatrix, and likely many other similar add-ons, such as noscript) in their browser, which happens to be the most popular browser in the world?
https://bugs.chromium.org/p/chromium/issues/detail?id=896897&desc=2#c23
who could have foreseen this? who would ever think that an advertising company's web browser would end up breaking compatibility with an ad blocker? frankly i'm shocked
0xf00
boosted
Remote Code Execution in apt/apt-get
day of rabbitholes based on confusing output and mistaken assumptions
but I got spotbugs+findsecbugs pipelines working!
I hacked an #ethereum smart contract for a #ctf challenge and now I feel super cool 😎 https://ropsten.etherscan.io/tx/0xcfede920ce0cdb1aeae7608bdfb9965c14b1adf1ca2fc7f3e1f3ed72244f8b67#eventlog
even though it's actually a very basic attack, turns out #junior35c3ctf
