JavaScript-based PDF Viewers, Cross Site Scripting, and PDF files

❗️Disclosure: I worked at Smallpdf from January to November 2021. In that period, Smallpdf used PDFTron WebViewer SDK (now Apryse PDF WebViewer) to render PDF files in the browser. This information was public.

Interview and first XSS in PDFTron WebViewer

In October 2020, I started my job interview with Smallpdf for a Cloud Security Engineer position. During the interview process, I began to use Smallpdf as a service to “play” with it, and since it is a web application that renders PDF files, I tried to exploit PDF files to inject arbitrary JavaScript code....

August 27, 2024 · 16 min · 3356 words · Luigi Gubello

Javascript Injection in six Android mail clients

During last spring (2019) I started to “open and read” Android applications before installing them. Reversing an APK file can be interesting to understand how an app works, how it manages permissions and my data, and whether there are vulnerabilities. I was looking for a different Android mail client, so I started to reverse them, and I found that many mail clients on the Play Store were - maybe are - vulnerable to JavaScript injection....

February 15, 2020 · 2 min · 340 words · Luigi Gubello

About Chinese propaganda on Twitter: drawing data 📊

A few days ago the journalist Charlotte Godart contacted me and asked me to explain how to use my script tweet_analysis.py. Her goal was to convert Twitter datasets about Chinese propaganda into graphs, so that people can see how the Chinese government operates on Twitter to influence their opinion. While helping her I had the chance to take a look at these datasets, and they are intriguing, very different from the Internet Research Agency dataset....

December 3, 2019 · 7 min · 1294 words · Luigi Gubello

About Iran and IRA Twitter datasets (for fun) – Part III

This is the third and last post about the Internet Research Agency dataset, which was shared by Twitter in October 2018. In Part II I focused on the European situation – especially in Germany, Italy, France and Spain – to understand whether the Russian government might have tried to spread disinformation as it did in the US. In this post I want to focus on Italy and answer the question: has the Internet Research Agency tried to manipulate information in Italy?...

September 15, 2019 · 7 min · 1436 words · Luigi Gubello

#Hack5Stelle

This post should have been published around June 2019; I wrote it in that period, but then, as you know, it is easy to procrastinate, surprises are around the corner, personal schedules change, busy weeks happen, and drafts stay saved, gathering dust. I really want to thank the people - many of them - who made me feel their support, in various ways, throughout the affair that involved me. So I am dusting off this draft, picking up from where I left off and publishing it with a guilty delay....

August 13, 2019 · 6 min · 1071 words · Luigi Gubello