"Privacy-Preserving" Attribution: Mozilla Disappoints Us Yet Again
https://blog.privacyguides.org/2024/07/14/mozilla-disappoints-us-yet
#privacy #firefox #browsers #web
“Extracting wisdom” from conference videos
https://blog.ovalerio.net/archives/2900
#ai #ollama #fabric
"The JFrog Security Research team has recently discovered and reported a leaked access token with administrator access to Python’s, PyPI’s and Python Software Foundation’s GitHub repositories, which was leaked in a public Docker container hosted on Docker Hub."
https://jfrog.com/blog/leaked-pypi-secret-token-revealed-in-binary-preventing-suppy-chain-attack/
#security #infosec #netsec #supplychain #python #pypi
"Well, it's just an AWS Account ID!"
https://mail.cloudsecurity.club/p/well-just-aws-account-id
#security #aws
"Django security releases issued: 5.0.7 and 4.2.14"
https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
* CVE-2024-38875 [moderate]: Potential denial-of-service in django.utils.html.urlize
* CVE-2024-39329 [low]: Username enumeration through timing difference for users with unusable passwords
* CVE-2024-39330 [low]: Potential directory-traversal in django.core.files.storage.Storage.save
* CVE-2024-39614 [moderate]: Potential denial-of-service in django.utils.translation.get_supported_language_variant
#security #django
"Reverse Engineering TicketMaster's Rotating Barcodes"
"Universal Code Execution by Chaining Messages in Browser Extensions"
https://spaceraccoon.dev/universal-code-execution-browser-extensions/
#security #browsers #browserextensions #web #chrome
"Catching Compromised Cookies"
https://slack.engineering/catching-compromised-cookies/
#security #web #cookies
"Switzerland mandates software source code disclosure for public sector"
#publiccode
"...discovered a vulnerability (a signal handler race condition) in OpenSSH's server (sshd): if a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions)"
"This vulnerability is exploitable remotely on glibc-based Linux systems, ... an unauthenticated remote code execution as root, because it affects sshd's privileged code, which is not sandboxed and runs with full privileges."
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
#security #netsec #linux #ssh
"tldr: There’s a security vulnerability (CVE-2024-27867) in the firmware of Apple AirPods. Anyone who knows the Bluetooth MAC address (which is somewhat public) can connect to your AirPods and listen to the microphone or play music."
https://blogs.gnome.org/jdressler/2024/06/26/do-a-firmware-update-for-your-airpods-now/
#security #apple #airpods
"How to Publish a Python Package to PyPI"
https://www.pythonpapers.com/p/how-to-publish-a-python-package-to
#python #pypi
"...recently published packages to identify any that reference polyfill[.]io in any capacity."
https://blog.phylum.io/a-note-about-polyfill/
#security #web #javascript
"Simple ways to find exposed sensitive information"
https://www.trickster.dev/post/simple-ways-to-find-exposed-sensitive-information/
#security #web #infosec
"Two bluetooth vulnerabilities in Windows"
https://ynwarcs.github.io/z-btadv-cves
(2023)
#security #cybersecurity #bluetooth #windows
"EU Council has withdrawn the vote on Chat Control"
https://stackdiary.com/eu-council-has-withdrawn-the-vote-on-chat-control/
However,
"In July, the Council Presidency will transfer from Belgium to Hungary, which has stated its intention to advance negotiations on chat control as part of its work program."
Another round is coming.
#eu #europeanunion #chatcontrol
"The decline of the user interface"
https://www.infoworld.com/article/3715333/the-decline-of-the-user-interface.html
#ui #ux
"Building to Prevent Subdomain Takeovers"
https://ramimac.me/subdomain-takeovers
#security #netsec #infosec #cybersecurity