-
fx-private-relay
Keep your email safe from hackers and trackers. Make an email alias with 1 click, and keep your address to yourself.
> was able to hack the low security password of a SuperAdmin, and gained access to an unsecured script, which was available only for SuperAdmins. This script allowed him to perform SQL injections and extract the data.
Depending on the injection vulnerability, data can be exfiltrated; there are tools like sqlmap https://sqlmap.org/
And this is why users protect themselves with services like Firefox Relay, something Dustin Ingram, a Python Software Foundation Director, doesn't appear to understand [1] or care. My email was leaked in this breach, along with many others, an email I used to really value but one I've relegated to the dumpster fire of "spam slot" because I learned my lesson too late.
Dustin has now locked that GitHub to only previous contributors so users are once again left voiceless and powerless in the continuing war against their privacy.
We've been thinking of the business owners and the children [2] for decades now. It's time to start thinking of the users, people like you and me who are exploited constantly for everything they have to be unceremoniously discarded in a waste heap once they've been used up.
[1] https://github.com/disposable-email-domains/disposable-email...
[2] https://news.ycombinator.com/item?id=29978952
There's a python "app" called subliminal (with a simple CLI) that handles the whole enchilada for you - identify the movie, contact several subtitle dbs to download the appropriate subtitles.
Not sure how up-to-date it is kept, but for me it works reasonably well, except for obscure films.
https://github.com/Diaoul/subliminal
The end user's agent (browser) should handle the key management behind the scenes. Even without hardware tokens it's still at least as good as a software-based password manager. A Hierarchical Deterministic key system similar to the BIP32 scheme used by most Bitcoin wallets[0] would only require a single master private key per user to support any number of unrelated identities. That key could be generated from a master password, synced to each device through an enrollment process, or stored on a hardware token.
[0] https://github.com/bitcoin/bips/blob/master/bip-0032.mediawi...
Firefox Relay misses some emails due to misconfiguration of TLS. That might be the issue. This issue report is still open:
https://github.com/mozilla/fx-private-relay/issues/757