Andrea Scarpino @ilpianista@functional.cafe

Why the HELL do people push their ~/ config files to public git repositories 🤦‍♂️
I was looking for a specific file and I got access to the #Trello board of this guy. This is just one example... there are SO MANY and for all tastes (GitHub, Spotify, cookies ...) #security

(if you are wondering, I mailed the guy and got a 'thanks')

Deliveroo, UberEats and Glovo users data exposed via an e-commerce app: https://scarpino.dev/posts/i-went-out-for-dinner-and-i-took-some-endpoint.html

#security #privacy

Details of 6k Italian loans were exposed to all

https://scarpino.dev/posts/sharing-your-loan-details-to-anyone.html

#security #privacy

This is unfortunate, but it was to be expected: https://vimeo.com/453948863 #covid #security #privacy

So, #SHA-1 is officially deprecated? #security

https://eprint.iacr.org/2020/014.pdf

BusKill: A Kill Cord for your Laptop

https://tech.michaelaltfield.net/2020/01/02/buskill-laptop-kill-cord-dead-man-switch/

#security

Do you use #Intel? Well, it looks like we are fucked. #security

MDS Attacks: Microarchitectural Data Sampling

https://mdsattacks.com/#ridl-ng

Urgent #security issue in NGINX/php-fpm #Nextcloud

https://nextcloud.com/blog/urgent-security-issue-in-nginx-php-fpm/

Apache Solr injection #security

https://github.com/artsploit/solr-injection

What a news... #security

https://www.contextis.com/en/blog/basic-electron-framework-exploitation

Zoom Zero Day: 4+ Million Webcams & maybe an RCE? #security

https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5