The submission site for #SecWeb '24 is now live at https://secweb24.secpriv.tuwien.ac.at. The deadline is on Feb 22, just 2 weeks from now! It's time to get your papers ready, we are looking forward to your submissions! 🌐📜
Announcing the release of ProtoBurp++ (our fork of ProtoBurp)! ProtoBurp++ is a #burpsuite extension that enables #security researchers to encode/decode and fuzz custom Protobuf messages. It allows for fuzzing inputs using Burp's Repeater, Intruder tools and Active Scanner, as well as proxying traffic from other tools (e.g., sqlmap). Check it out today!
A few days ago, someone asked me for advice about a slow website.
Upon analysis, the server wasn't the issue—it was running #Linux #CentOS7 on bare metal. However, the site was operating on PHP 5.4 (default for CentOS 7) and was entirely custom-made.
I suggested updating everything, especially since CentOS 7 is nearing its EOL, and transitioning the web application to work on PHP 8.
Their response? "We don't want to do it." They wanted me to set up a new, optimized server to run PHP 5.4. I explained the risks and the nonsensical nature of this, only to hear that they found someone willing to install PHP 5.4 on a new system. So, if I refused, they'd give the job to someone else.
I replied, "Good luck," and ended the conversation.
It saddens me that some in the IT world would opt for such shortcuts rather than striving for a more secure web.
I have a question if you don't mind indulging me. I've used a VPN for a while, but all of a sudden, a bunch of popular retail sites have stopped working for me - unless I turn off my VPN.
Same thing is happening to my family member, who uses a different VPN.
I use a Chromium-based browser (I know, I know, I have excuses lol), and he uses a Firefox variant.
So... has it begun? Is this the start of the "web integrity" apocalypse?
Introducing Session Hijacking Visual Exploitation (SHVE): A new tool for taking #xss exploitation to the next level - remotely viewing a target's browser
Apparently humans are worse at solving captchas than bots.
My greatest mystery: I can better solve the super complicated #darkweb #captcha but not casual ones. Pictures are really a mess.
@scott my friend Rens ([1] who’s not on Mastodon) advises:
“The SVG code needs to be in the HTML code itself, not loaded in as an IMG. If you paste the SVG code in HTML directly, you can give IDs and classes to the objects, and manipulate them as DOM objects.
It's a safety issue to not be able to load SVG files as an external image and manipulate the contents.”
Hey @Vivaldi, I noticed that vivaldi.net is one of the all-greens on Hardenize.
I'd move my mails to vivaldi.net, but I have size worries, still use other providers, & my own domain.
Do you have any plans to implement paid size plan, & features like automatic IMAP fetch, external sending SMTP, own domain management?
RT @phptek
Attention all #PHP developers! @TimB0nd will be speaking at #PHPTek 2023 about how attackers are using your API to access your data. Don't miss "Attackers want your data, and they're getting it from your API." Register now at https://tek.phparch.com #websecurity