Defending against Dark Arts at @Odoo ;-) Tweets rarely, mostly about science, Odoo, software engineering, data protection and security.
@maanosherni@Odoo Thanks for reporting. We detect and shut down many abusive websites every day, but some may slip by. You can report them directly to our abuse team for quick handling, see also https://t.co/0HSCcFz8Ns
According to the authors, any domain hosted on O365 could be successfully spoofed using another O365 domain and a forwarding rule. GMail hosted domains could also be spoofed if they hosted a M-L, for example.
Most impacted providers have apparently fixed the vulnerabilities ✨
Interesting preprint: E. Liu et al., "Forward Pass: On the Security Implications of Email Forwarding Mechanism and Policy"¹
A survey of email authentication and forwarding quirks of major mail providers, and how this could be used for spoofing
__
¹ https://t.co/RU1rrmDppG
@ggellatly yes, it's a human-driven process, and you know humans😇
TBH for the 16.0 subscription overhaul we've tried a version w/ automatic renewal & invoicing. But we had to backtrack that, it was creating too much overhead in refunds for the renewals that were never paid (for any reason)
@ggellatly Oops, turns out it was expired for 2+ months w/ renewal overdue, and got auto-closed when we turned on the feature🤦
Sorry about that, improvement is in progress: force closing notif, as both sides were surprised here: https://t.co/oSRyUwye6v
Is everything sorted out now for you?
Detecting increasing numbers of credential stuffing attacks via botnets on our website.
Even with our mitigations, the success rate is non-zero. 0.04% again this morning for a campaign targeting AU users.
You can set up 2FA as a portal user too. And unique passwords 🙏
Folks, the time to run https://t.co/ImNeaysyah or https://t.co/XuRKv7koAA is now.
You don't need to have an account elsewhere yet. Download the CSVs while you can, and you can import them later.
go go go go
Have you tried #AdventOfCyber2022 ?
You can discover or brush up cybersecurity 101 skills, like log analysis, brute force, OSINT, etc. Entry-level topics, can play directly on the VM from your browser. It's fun and only needs a few mins a day. Go help 🎅!
https://t.co/AeVFM6A8hv
@RichardMathot you could also use Debirdify¹ or Fedifinder² to see which servers your friends have signed up on ;-)
Debirdify seems to be a bit down at the moment but Fedifinder is up
__
¹ https://t.co/aZNAIl8HED (cf. https://t.co/ECeayq5oD5)
² https://t.co/flAOa1227f
@iamamoose - rough idea of possible impact to common software like nginx, apache, and mitigation strategies
- any discussed time frame with OS vendors for releasing patched version (e.g. debian backports in 3.0.2, ...)
Virustotal for a sample one: https://t.co/MYJh2GV5kc
You can always report malware links to Google Safe Browsing to have them blocked in browsers directly: https://t.co/DYaOqNYvnD
Getting reports of malware distributed via fake emails about "software update" for Odoo, linking to zipped .exe files👻
We try to have them taken down asap, but you know better than that anyway :-) Odoo updates are always available through official channels (repos / packages)
@bouvyd @gurneyalex @fpodoo Yes, script kiddies playing with the default passwords. Not the first time, either.
Would be sad if we have to stop giving open access to runbot 🤨
@sswapnesh@Odoo Exercise for the reader: what's the probability of winning this lottery (getting a `/` in your token), assuming we're using a random non-urlsafe-base64-encoded 256-bit token? 😉
@sswapnesh@Odoo Fun one!🤓Turns out the route uses a non-urlsafe-b64-encoded token, and thus fails to match if you're unlucky enough to get a b64 token with a '/' in it.
The fix will be deployed soon, it's been like this for... 3 years🙈
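The "lottery" in the two tweets above, worked through as an added example (not code from the original thread or from Odoo): a 256-bit token is 32 random bytes, which standard base64 turns into 42 full 6-bit symbols plus one symbol built from the 4 leftover bits and two zero bits. Only the 42 full symbols can ever be `/` (index 63), so the exact chance of a standard-base64 token containing a `/` is 1 - (63/64)^42, about 48%. The `route_accepts` function is a deliberately simplified stand-in (an assumption, not the real Odoo route) for a single-path-segment route that fails to match when the token contains a `/`; the urlsafe variant swaps `/` for `_` and `+` for `-` and so never hits the problem.

```python
import base64
import random

TOKEN_BYTES = 32  # 256-bit token, as in the tweet


def encode_token(raw: bytes, urlsafe: bool) -> str:
    """Encode a random token with standard or URL-safe base64 (RFC 4648)."""
    enc = base64.urlsafe_b64encode(raw) if urlsafe else base64.b64encode(raw)
    return enc.decode("ascii")


def route_accepts(token: str) -> bool:
    """Hypothetical single-segment route matcher (assumption, not Odoo's code):
    a '/' inside the token is read as a path separator, so the route no longer matches."""
    return "/" not in token


def exact_hit_probability(nbytes: int = TOKEN_BYTES) -> float:
    """Exact probability that standard base64 of `nbytes` random bytes contains '/'.

    Only symbols made entirely of random bits are uniform over all 64 alphabet
    characters. A trailing partial symbol has zero low bits, so its index is a
    multiple of 4 (or 16) and can never be 63, the index of '/'.
    """
    full_symbols = (nbytes * 8) // 6
    return 1.0 - (63 / 64) ** full_symbols


def empirical_hit_probability(nbytes: int = TOKEN_BYTES, samples: int = 20000, seed: int = 1) -> float:
    """Monte Carlo estimate using a seeded PRNG so the result is reproducible.
    (Real tokens must come from `secrets.token_bytes`; the seeded PRNG is only for
    the simulation.)"""
    rng = random.Random(seed)
    hits = 0
    for _ in range(samples):
        raw = rng.getrandbits(nbytes * 8).to_bytes(nbytes, "big")
        if not route_accepts(encode_token(raw, urlsafe=False)):
            hits += 1
    return hits / samples


def urlsafe_never_breaks(nbytes: int = TOKEN_BYTES, samples: int = 5000, seed: int = 2) -> bool:
    """Check that URL-safe base64 tokens always pass the route matcher."""
    rng = random.Random(seed)
    for _ in range(samples):
        raw = rng.getrandbits(nbytes * 8).to_bytes(nbytes, "big")
        if not route_accepts(encode_token(raw, urlsafe=True)):
            return False
    return True


if __name__ == "__main__":
    print(f"exact P(token contains '/'): {exact_hit_probability():.4f}")
    print(f"simulated:                   {empirical_hit_probability():.4f}")
    print(f"urlsafe tokens always match: {urlsafe_never_breaks()}")
```

Almost every second token loses the lottery, which is why a bug like this surfaces quickly in logs as sporadic 404s on a route that "usually works"; the fix is to generate tokens with `secrets.token_urlsafe` (or `urlsafe_b64encode`) and, on the matching side, to accept both alphabets while old tokens are still in circulation.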