Juliano Rizzo
@julianor
402F906F1E19A3BF4A137E5B2D48D3F7BF5E1193

Security, Cryptography, Cryptocurrency,

12.290 Tweets
1.440 Following
8.329 Followers

Tweets
Juliano Rizzo Retweeted

dawgyg
@thedawgyg
Feb 4

When testing for SSRF using a black list, take internal IP addresses and when encoding them, don't encode the entire IP. Encode 1 octet of the IP address, or 2 or 3. For instance: AWS Metadata - 0251.254.169.254 (this got the $160,000 payout in Oct 2018) #bugbountytip #bugbounty
Juliano Rizzo
@julianor
7 h

yes I remember that, :-/ while users trust they check what they include from Chrome

Juliano Rizzo
@julianor
7 h

yes, but the touchpad...

Juliano Rizzo
@julianor
8 h

lol :) I mean why do people need to use Chrome if you have Chromium. I use Chrome when ..I don't remember exactly, probably some extension?

Juliano Rizzo
@julianor
8 h

The web we deserve 👇, this weather app gives you the info and leaves you alone. twitter.com/igor_chubin/st…
Juliano Rizzo Retweeted

let me know how i can be helpful
@vcstarterkit
12 h

After being on VC Twitter for a while, you are able to categorize most tweets into a set of categories.
Looking at the last 24 hours of my feed, here's a thread of the types of tweets I saw.
Juliano Rizzo
@julianor
9 h

delete twitter.com/TheHackersNews…

Juliano Rizzo
@julianor
11 h

fulfill it for free?

Juliano Rizzo
@julianor
16 h

I don't know, and I'm not sure if huge amounts of money are sent to addresses resolved from names.
Juliano Rizzo
@julianor
16 h

CVE-2020-5232 means you could "mine" an ENS name instead of buying it from the owner. A bit costly. What is the price of the most expensive ENS name?
Juliano Rizzo
@julianor
16 h

delete twitter.com/internetofshit…

Juliano Rizzo
@julianor
18 h

5.4 Ghz 😯 twitter.com/m_e_e_t_a/stat…

Juliano Rizzo
@julianor
19 h

Top 5 Favorite Bugs Reported to DropBox Bug Bounty blogs.dropbox.com/tech/2020/02/d… 👍

Juliano Rizzo
@julianor
19 h

People cannot change their chat apps without first changing their way of thinking. All the info collected about you will be used against you, at least against your pocket. It's easy to get rid of things when there is an obvious reason for doing so.

Juliano Rizzo
@julianor
19 h

Why not Chromium?
Juliano Rizzo
@julianor
Feb 4

if you use TV..you want to be owned

Juliano Rizzo
@julianor
Feb 4

We need ctrl-z because programmers are lame so ..no
Juliano Rizzo
@julianor
Feb 3

I never save passwords and that was my main motivation to report: that page says "save this password in your PM" what? PM I don't use that 💩 if you send a link with a token to log in instead of generating a password for users it will be more secure and practical for ppl like me

Juliano Rizzo
@julianor
Feb 3

XSS=third party script :) my question was: can a third party called "crazy egg" get my plaintext password? a nonce is used to bypass/whitelist a CSP rule; if you have the rule it is because you care. But that 3rd party in the password retrieval page looks like a mistake to me

Juliano Rizzo
@julianor
Feb 3

Why is a rogue third party less than Medium? if you have the script-src CSP directive it is because you don't want third party scripts.