Tweets

FD Retweeted
INTIGRITI
@intigriti
17h
Today, we are launching #BugBusiness, a series of interviews with #BugBounty hunters. In our first edition, we are discussing logic flaws and @securitytxt with @EdOverflow! 🐸
Who would you like to see interviewed next? Leave a comment! 👇
go.intigriti.com/bugbusiness-1

FD Retweeted
Verifpal
@verifpal
Jan 31
Getting started with cryptographic protocol analysis is now easier than ever!
Check out our new 17-minute video tutorial, now on YouTube – it covers Verifpal’s language, how to use Verifpal to verify post-compromise secrecy in Signal, and more: youtu.be/4__KcGU2ALE

FD
@filedescriptor
Jan 31
😀!!

FD
@filedescriptor
Jan 31
Yes, you can say that

FD
@filedescriptor
Jan 31
Thanks! We wanted to focus on techniques that don't rely on reconnaissance

FD
@filedescriptor
Jan 31
@ngalongc, @EdOverflow, and I are starting a new security blog.
In our first write-up, we will discuss the impact of "SameSite by default" and how it affects web app sec. Feel free to request future topics you would like us to cover.
blog.reconless.com/samesite-by-de… pic.twitter.com/5R23YmpksT

FD Retweeted
alex
@insertScript
Jan 26
As I have no cool new findings, let's start the year with an old IE bug: bypassing Content-Disposition: attachment with mhtml: insert-script.blogspot.com/2020/01/intern…

FD
@filedescriptor
Jan 26
The change is to make SameSite the default

FD
@filedescriptor
Jan 25
That's a relief hearing this from a Googler :D

FD
@filedescriptor
Jan 25
Confirmed by a Microsoft employee!!1

FD
@filedescriptor
Jan 25
And they are mostly Intranet only

FD
@filedescriptor
Jan 25
Exactly, and way more

FD
@filedescriptor
Jan 25
Indeed a great article that sheds some light on the possibilities to circumvent the restrictions. However, these changes also kill more than just CSRF, and in the long term they will go eventually. I will write a blog post on this subject

FD
@filedescriptor
Jan 25
Enterprise clients are less affected

FD
@filedescriptor
Jan 25
Guess what they are going to kill next

FD
@filedescriptor
Jan 25
Flash dies.
Edge/IE dies.
CSRF dies.
2020 marks the end of client-side vulnerabilities.

FD
@filedescriptor
Dec 31
Microsoft Edge (and Internet Explorer) is the only browser that allows running JavaScript from a <script> without the end tag:
<script async src=data:,alert(1)>

FD
@filedescriptor
Nov 20
“Police will not do them without any reasons” end of discussion.

FD
@filedescriptor
Nov 20
Ask @pnig0s since he knows

FD
@filedescriptor
Nov 20
Without context, setting fire to people IS a crime. I’m asking for the last time, even though you attacked me personally: do you think that police beating innocent people, with no penalty for the police, is justified? I’m not even talking about protesters but normal citizens.