bubu
LightNews LightNews
banner
albertofdr.bsky.social
bubu
@albertofdr.bsky.social
200 followers 150 following 10 posts
about://inducebrowsercrashforrealz 🍕🖥️
https://albertofdr.github.io/
Posts Replies Media Videos
Reposted by bubu
pagedout.bsky.social
pagedout.institute ← we've just released Paged Out! zine Issue #7
pagedout.institute/download/Pag... ← direct link
lulu.com/search?page=... ← prints for zine collectors
pagedout.institute/download/Pag... ← issue wallpaper
Enjoy!

Please please please share to spread the news - thank you!
October 4, 2025 at 10:39 AM
Reposted by bubu
matrix.org
So: the matrix.org database secondary lost its FS due to a RAID failure earlier today (11:17 UTC). Then, we lost the primary at 17:26. We're trying to restore the primary DB FS (which could be fastish), while also doing a point-in-time backup restore from last night (which takes >10h).
Matrix.org
Matrix, the open protocol for secure decentralised communications
matrix.org
September 2, 2025 at 7:02 PM
albertofdr.bsky.social
Excited to share that I’ll be speaking at #DefCampRO in November. See you there! 🇷🇴
September 2, 2025 at 7:24 PM
Reposted by bubu
intenttoship.dev
Blink: Intent to Ship: Escape "<" and ">" in attributes on serialization
Blink: Intent to Ship: Escape "<" and ">" in attributes on serialization
Blink: Intent to Ship: Escape "<" and ">" in attributes on serialization
groups.google.com
May 9, 2025 at 9:33 AM
albertofdr.bsky.social
That's me!
euskalhack.bsky.social EuskalHack @euskalhack.bsky.social · May 2
Hoy os presentamos a Alberto Fernández de Retana como ponente confirmado de EuskalHack Security Congress VIII y su ponencia "Exploring Browser Permissions and Exploiting Permission Hijacking" > securitycongress.euskalhack.org/index_es.htm...
May 3, 2025 at 12:52 PM
Reposted by bubu
intenttoship.dev
Blink: Intent to Deprecate and Remove: Remove auto-detection of ISO-2022-JP charset in HTML
Blink: Intent to Deprecate and Remove: Remove auto-detection of ISO-2022-JP charset in HTML
Blink: Intent to Deprecate and Remove: Remove auto-detection of ISO-2022-JP charset in HTML
groups.google.com
April 7, 2025 at 5:41 PM
albertofdr.bsky.social
Hope Bluesky adds bookmarks soon. I can't wait to have hundred of bookmarks I’ll never read, while lying to myself that I will.
February 10, 2025 at 10:42 AM
albertofdr.bsky.social
I posted a blog about how browser permissions work. albertofdr.github.io/web-security...
You Shall Not Get Access 🧙🏻‍♂️: Browser Permissions | WebSec!
Web Security Educational Blog
albertofdr.github.io
January 29, 2025 at 12:16 PM
Reposted by bubu
april.social
Handling Cookies is a Minefield:

Inconsistencies in the HTTP cookie specification and its implementations have caused a situation where countless websites (including Facebook, Netflix, Okta, WhatsApp, Apple, etc.) are one small mistake away from locking their users out.

grayduck.mn/2024/11/21/h...
facebook error netflix error okta error whatsapp error
November 21, 2024 at 5:11 PM
Reposted by bubu
yu5k3.bsky.social
If you missed it, my #DEFCON talk "Exploiting the Unexploitable: Insights from the Kibana Bug Bounty" is now live on YouTube!

youtu.be/H-bhmSwnRdY
DEF CON 32 - Exploiting the Unexploitable Insights from the Kibana Bug Bounty - Mikhail Shcherbakov
YouTube video by DEFCONConference
youtu.be
November 27, 2024 at 9:08 AM
Reposted by bubu
httparchive.org
🚨 Introducing the 2024 Web Almanac, our annual "state of the web" report!

🔖 almanac.httparchive.org/en/2024/

21 chapters (11 publishing today, the rest to follow)
65 contributors for today's chapters (more to follow)
17M websites analyzed
83 TB of data processed
628 queries written
The 2024 Web Almanac
The Web Almanac is an annual state of the web report combining the expertise of the web community with the data and trends of the HTTP Archive.
almanac.httparchive.org
November 11, 2024 at 4:30 PM