Tag
#apple
Facebook's pursuit of your personal data continues, and now it has a new target: photos on your phone that you haven't shared with it yet.
This week on the Lock and Code podcast, we speak with Becky Holmes about how she tricks, angers, and jabs at romance scammers online.
Apple and Google espouse strong values about data privacy, but they allow programs from a Big Brother state to thrive on their app stores, researchers allege.
In a 6-3 decision, the Supreme Court held that age verification for explicit sites is constitutional. In a dissent, Justice Elena Kagan warned it burdens adults and ignores First Amendment precedent.
Tech Transparency Project warns Chinese-owned VPNs like Turbo VPN and X-VPN remain on Apple and Google app stores, raising national security concerns.
FBI tracked IntelBroker as UK’s Kai West using an email address, crypto trails, YouTube activity and forum posts after dozens of high-profile data breaches and darknet activity.
Four alleged ShinyHunters members arrested, IntelBroker exposed as British national Kai West in global crackdown linked to BreachForums and major data breaches.
Kaspersky uncovers SparkKitty, new spyware in Apple App Store & Google Play. Steals photos, targets crypto info, active since early 2024 via malicious apps.
Scammers used Inferno Drainer to steal $43,000 in crypto from 110 CoinMarketCap users through a fake wallet prompt embedded in the site’s front-end.
### Summary

The RedirectSlashes function in middleware/strip.go is vulnerable to Host header injection, which leads to an open redirect.

### Details

The RedirectSlashes method uses the Host header to construct the redirectURL at this line: https://github.com/go-chi/chi/blob/v5.2.1/middleware/strip.go#L55

The Host header can be manipulated by a user to be any arbitrary host. This leads to an open redirect when using the RedirectSlashes middleware.

### PoC

Create a simple server which uses the RedirectSlashes middleware:

```
package main

import (
	"fmt"
	"net/http"

	"github.com/go-chi/chi/v5"
	"github.com/go-chi/chi/v5/middleware" // Import the middleware package
)

func main() {
	// Create a new Chi router
	r := chi.NewRouter()

	// Use the built-in RedirectSlashes middleware
	r.Use(middleware.RedirectSlashes) // Use middleware.RedirectSlashes

	// Define a route handler
	r.Get("/", func(w http.ResponseWriter, r *http.Request) {
		// A simple response
		w.Write([]byte("Hello, World!"))
	})
	...
```