alesandroortiz - Network

Chrome Web Store limiting affiliate links in extensions is great. However, I'm skeptical Google will enforce it effectively.Now we need...

Chrome Web Store limiting affiliate links in extensions is great. However, I'm skeptical Google will enforce it effectively.

Now we need stronger policies and enforcement against selling user's browsing history, another popular monetization strategy in CWS.

https://www.theverge.com/news/627940/google-chrome-extensions-paypal-honey-affiliate

Doing some Chromium shenanigans with agentmellow

Doing some Chromium shenanigans with agentmellow

I hate to admit this but I actually have a dozen Chrome windows with dozens of tabs open from over a year ago. I probably should bookmark...

I hate to admit this but I actually have a dozen Chrome windows with dozens of tabs open from over a year ago. I probably should bookmark those and go back to them later, when I actually return to that area of research.

The current research itself takes several windows with at least a dozen tabs in each too...

I really miss when I could trust extensions (not that I should have in the past). I used OneTab a lot to keep paused research better organized. I've been meaning to write my own barebones extension or look for barebones one on GitHub.

Me for the past few days digging through Chromium source code. A few dozen tabs open to crsrc.org/c and crbug.com, pulling at several...

Me for the past few days digging through Chromium source code. A few dozen tabs open to crsrc.org/c and crbug.com, pulling at several threads for different vulns, tracing multiple code paths across probably hundreds of files.

Great report by Amnesty International on 3 Linux kernel/Android zero-days.Update your phones in the coming days/weeks/months (as...

Great report by Amnesty International on 3 Linux kernel/Android zero-days.

Update your phones in the coming days/weeks/months (as always).

Somehow, badly written USB firmware led to Linux kernel vulns affecting all devices, including all Android phones. And then was exploited by Cellebrite's government clients to target activists and others in civil society.

https://securitylab.amnesty.org/latest/2025/02/cellebrite-zero-day-exploit-used-to-target-phone-of-serbian-student-activist/

Can bad actors _guess_ credit card numbers fairly successfully in the real world?In the last 6 months, I've had 2 single-vendor virtual...

Can bad actors _guess_ credit card numbers fairly successfully in the real world?

In the last 6 months, I've had 2 single-vendor virtual business credit cards compromised. Same bank, both cards issued within the last 18 months. 1st card was used exclusively for AWS, 2nd card exclusively for another company. 2 cards from a single bank is raising alarm bells in my head.

For over a decade, I have had exactly zero credit cards compromised due to online usage (only had a couple skimmed physically).

My running theories are:
1. My bank or one of its partners is compromised/has vulnerability.
2. Bad actors are guessing the credit card numbers.

Bank obviously denies any issues on their end, but twice seems improbable. The first time was already raising alarm bells since only AWS had the card number. It happening again with a different vendor but same bank feels like something is terribly wrong. None of my other credit cards, especially the ones I use more frequently or on more suspect places, have been compromised.

I cannot fathom AWS payment info being compromised without anyone noticing for 6 months. I don't run untrustworthy browser extensions, and it's unlikely that my work laptop is compromised by credit card gangs. (Nation-state hackers are more likely.)

Am I missing something obvious here? Do credit card gangs just guess cards?

😂 Found a "super secret" Chrome flag from late...

😂 Found a "super secret" Chrome flag from late 2022:
https://chromium.googlesource.com/chromium/src/+/9bebadaa2a460012b124ba795587b1603bb3f6a2

Great resource on extension security (defense + attacks) by slonser_: https://extensions.neplox.security/Plus, nice vuln for page to access...

Great resource on extension security (defense + attacks) by slonser_:
https://extensions.neplox.security/

Plus, nice vuln for page to access extension context in Chrome using Service Workers (CVE-2024-10229): https://extensions.neplox.security/More/intro/

Found another Chromium bug accidentally while eating dinner and surfing the web.Bugs, please let me have dinner in peace. I haven't even...

Found another Chromium bug accidentally while eating dinner and surfing the web.

Bugs, please let me have dinner in peace. I haven't even started work yet after my vacation.

Content warning:uspolSure feels like we're in a constitutional crisis:...

Content warning:uspol

Sure feels like we're in a constitutional crisis: https://www.nytimes.com/2025/02/10/us/politics/trump-constitutional-crisis.html?unlocked_article_code=1.v04.Ey9o.PNGerIHSByJo&smid=url-share (free article link)

Adiós mi Puerto Rico 💔🇵🇷 Regresaré pronto.

Adiós mi Puerto Rico 💔🇵🇷 Regresaré pronto.

Content warning:uspol, puerto ricoSolo quiero un Puerto Rico libre y soberano pa' vivir en paz, coño.

Content warning:uspol, puerto rico

Solo quiero un Puerto Rico libre y soberano pa' vivir en paz, coño.

Content warning:uspolHas U.S. democracy died in darkness? Sure feels like it. 😟

Content warning:uspol

Has U.S. democracy died in darkness? Sure feels like it. 😟

🇵🇷 Estoy en mi Puerto Rico hermoso por par de semanas. Que mucho extrañaba a mi familia y nuestras playas. ♥️

🇵🇷 Estoy en mi Puerto Rico hermoso por par de semanas. Que mucho extrañaba a mi familia y nuestras playas. ♥️

Content warning:uspolWhat a fucking dark day in and around the United States.Queer and transgender people deserve better. Immigrants deserve...

Content warning:uspol

What a fucking dark day in and around the United States.

Queer and transgender people deserve better. Immigrants deserve better. People in all U.S. territories deserve better. Local and global communities affected by climate change deserve better. People in Latin America deserve better. We all deserve better.

My heart goes out to people in Los Angeles and surrounding areas. The scenes from the past couple of days have been absolutely...

My heart goes out to people in Los Angeles and surrounding areas. The scenes from the past couple of days have been absolutely heartbreaking. Please stay safe. 💔

🇵🇷🐰 La Mudanza en repeat hoy y en rotación heavy pa' todo el año: https://youtu.be/lqX1S9mFHbU🎶 Aquí mataron gente por...

🇵🇷🐰 La Mudanza en repeat hoy y en rotación heavy pa' todo el año: https://youtu.be/lqX1S9mFHbU

🎶 Aquí mataron gente por sacar la bandera
Por eso es que ahora yo la llevo donde quiera

Si mañana muero... En la caja la bandera azul clarito

De aquí nadie me saca, de aquí yo no me muevo
Dile que esta es mi casa donde nació mi abuelo
Yo soy de P fuckin' R 🇵🇷🇵🇷🇵🇷 🎵

🎉🎊 Happy New Year, New York and U.S. East Coast! 🎊🎉

🎉🎊 Happy New Year, New York and U.S. East Coast! 🎊🎉

A mis padres en Morovis (casi Corozal) les llegó la luz a las 11:40 PM. ¡Buen regalo de año nuevo!

A mis padres en Morovis (casi Corozal) les llegó la luz a las 11:40 PM. ¡Buen regalo de año nuevo!

🎉🎊🇵🇷 ¡Feliz Año Nuevo, Puerto Rico! 🇵🇷🎊🎉

🎉🎊🇵🇷 ¡Feliz Año Nuevo, Puerto Rico! 🇵🇷🎊🎉