Posts by valorin@infosec.exchange
       Post #AJ13M0dULrWcNfsCDg by valorin@infosec.exchange
       2022-05-01T17:16:55Z
       
       0 likes, 0 repeats
       
       Ok #infosec folks, I'm pretty new to Burp Suite: What are your favourite tips and recommendations?
       
       Post #AJpHcQ9RtrWo5QFXUm by valorin@infosec.exchange
       2022-05-25T23:28:04Z
       
       0 likes, 1 repeats
       
       If you're using https://packagist.org/packages/hautelook/phpass, you'll want to swap it out for something else and rotate your creds and keys ASAP. The package was hijacked and modified to steal creds like AWS keys from your machines. See: https://riskybiznews.substack.com/p/risky-biz-news-python-and-php-libraries #PHP #security
       
       Post #ANFpEsREAc3wvsVsem by valorin@infosec.exchange
       2022-09-05T12:29:05Z
       
       0 likes, 0 repeats
       
       12 months ago I started a little mailing list called Laravel Security in Depth, with the ambitious idea to send out weekly emails about @laravelphp@twitter.com Security... 12 months of emails later and it's going strong with over 1k subscribers! 🥳 #Laravel https://larasec.substack.com/p/12-months-of-laravel-security-in
       
       Post #ANFpEtBfNxD3FuEy2a by valorin@infosec.exchange
       2022-09-05T12:29:09Z
       
       0 likes, 0 repeats
       
       The mailing list is focused around monthly In Depth articles, covering a specific Laravel security concept, with security tips in the other weeks. Aimed at developers of all skill levels and security knowledge.
       
       Post #ANFpEtkPImzyzeUiBs by valorin@infosec.exchange
       2022-09-05T12:29:13Z
       
       0 likes, 0 repeats
       
       I've covered a wide variety of topics from encryption, to policy objects, to magic email codes & links, content security policies, and lots more! Not only are there emails, but I also built 4 interactive hacking demos to learn more about the topics covered.
       
       Post #ANFpEuEtTRNwWCl3i4 by valorin@infosec.exchange
       2022-09-05T12:29:16Z
       
       0 likes, 1 repeats
       
       I am incredibly proud of what I've managed to accomplish with it over the year, and I have some really fun plans for the future! If you're a Laravel developer, and want to learn more about security (which you really should!) then check it out: https://larasec.substack.com/
       
       Post #APXjMudmYeLW7GfLM0 by valorin@infosec.exchange
       2022-11-11T06:22:19Z
       
       0 likes, 0 repeats
       
       I wonder if it's time to turn off my Twitter cross-poster? It felt useful when I wasn't using this much, but I wonder now if it's more spammy?
       
       Post #APXjMvFiHcgg0uPdTc by valorin@infosec.exchange
       2022-11-11T06:28:07Z
       
       0 likes, 0 repeats
       
       I also keep wondering if here (infosec.exchange) or https://phpc.social/ is a better instance for me? I spend my time in both worlds, learning and applying infosec as part of my work, but almost all of what I do is focused on the #php and #laravel worlds. Now, if there was a Laravel specific instance, it would probably be an easier choice. 🤔
       
       Post #APXjMwcnBIk6GmDa5Y by valorin@infosec.exchange
       2022-11-11T07:09:19Z
       
       0 likes, 0 repeats
       
       @matts Yeah it is rather interesting. 🤔
       
       Post #APXjMyE3EG8lEceqno by valorin@infosec.exchange
       2022-11-12T07:04:05Z
       
       0 likes, 0 repeats
       
       @hosker @matts which app do you use?
       
       Post #APXjMzJ3D9jYaQ0MEa by valorin@infosec.exchange
       2022-11-12T23:26:03Z
       
       0 likes, 0 repeats
       
       @hosker @matts I was using @apps, but ever since my instance updated to v4, the notifications have been broken showing me only old ones. 😔 I'm guessing there is an update coming soon that will fix it though.
       
       Post #ASowNiEmWP8zpXnTTU by valorin@infosec.exchange
       2023-02-18T10:56:34Z
       
       0 likes, 1 repeats
       
       Let me make this clear: SMS 2FA is NOT insecure! 😡 It is always going to be more secure than just using a password. It's just less secure than using an App or hardware token. Twitter removing it like this is definitely a bad thing. Non-tech folks will simply disable 2FA.
       
       Post #ASowNjuIJXwd0aE8oq by valorin@infosec.exchange
       2023-02-18T10:56:35Z
       
       0 likes, 0 repeats
       
       They won't understand what an authenticator app is, or how to get one, and threatening them to disable 2FA because it's a paid feature suggests it's a premium feature and they won't understand. To properly remove SMS 2FA you need to educate non-tech users, which is hard.
       
       Post #AVhw10mkds4xHmZvyC by valorin@infosec.exchange
       2023-05-16T08:31:06Z
       
       0 likes, 0 repeats
       
       Ok, #PHP & #Laravel folks... What comes to mind when you hear the words: "Insecure Function"? 😱
       
       Post #AViBgWMrcfMOQFimC8 by valorin@infosec.exchange
       2023-05-16T11:56:05Z
       
       0 likes, 0 repeats
       
       @wogan This is an awesome answer! 🤩 I completely agree - functions should be clear what they do. Great example with the Request object - worryingly, that behaviour is far too common. 😭
       
       Post #AWQ0vPlzHIywuIxt1U by valorin@infosec.exchange
       2023-06-06T00:50:52Z
       
       0 likes, 1 repeats
       
       I'm going to do a series on https://securinglaravel.com debunking the various "PHP and/or Laravel is Insecure" claims. Because they are getting pretty ridiculous... 😒 What claims would you like me to debug? 🕵️ #PHP #Laravel (Pls boost for reach)
       
       Post #AWQhyxwMzrcZm0lF20 by valorin@infosec.exchange
       2023-06-06T23:25:16Z
       
       0 likes, 0 repeats
       
       @wogan Good points, thanks! I spent some time in the WP security space, so my urge is to defend WP core (it's the plugins and themes that are insecure), but you're definitely right that the perception of WP being insecure hangs around PHP quite significantly. Folks assume that WP is insecure because of PHP, which is absurd. 😔
       
       Post #AWShGN7guVPtA1iDjs by valorin@infosec.exchange
       2023-06-07T22:26:37Z
       
       0 likes, 0 repeats
       
       @wogan Completely agreed. That said, WP's nature is very different from a commercial app store. But the difference is lost on users, much like the WP vs Plugins insecurity discussion. WP is in a tough position.
       
       Post #AWdjCHjXgBOEtzJQNk by valorin@infosec.exchange
       2023-06-13T00:36:25Z
       
       0 likes, 0 repeats
       
       Am I understanding this correctly? Reddit is imploding because its users are protesting Reddit copying Musk's anti-3rd-party BS? Or is there more to it?
       
       Post #AWfDdgrtWq2YSRAAQi by valorin@infosec.exchange
       2023-06-13T23:09:38Z
       
       0 likes, 0 repeats
       
       @stefanzweifel Wow, ok. It's like EM's acquisition of Twitter has opened the floodgates for other CEOs to be arseholes... 🤦