Server-Side Request Forgery, often shortened to SSRF, is a broad vulnerability class that typically includes coercing a server into making network connections. SSRF commonly, but not always, involves the victim server issuing HTTP(s) requests. The impact can vary greatly, ranging from sensitive information disclosure, to remote code execution or authorization bypasses. The impact is always very contextual. For example, an SSRF vulnerability in software running on AWS EC2 may lead to instance credentials being disclosed via the instance metadata site (more on this later), while the same vulnerability may have little to no security impact if it is running on a temporary Digital Ocean droplet. Any endpoint that allows users to enter hostnames, URIs, or ports is potentially vulnerable, and should always be checked for SSRF exploit scenarios.
Bug affected users of Google Takeout exporting from Google Photos in late November
Google has said a software bug resulted in some users’ personal videos being emailed to strangers.
The flaw affected users of Google Photos who requested to export their data in late November. For four days the export tool wrongly added videos to unrelated users’ archives.Continue reading...
As Facebook turns 16, we look at how to keep your personal information safe from prying eyes
The post Facebook privacy settings: Protect your data with these tips appeared first on WeLiveSecurity