English

❗️Disclosure: I worked at Smallpdf from January to November 2021. In that period, Smallpdf used PDFTron WebViewer SDK (now Apryse PDF WebViewer) to render PDF files in the browser. This information was public. Interview and first XSS in PDFTron WebViewer In October 2020, I started my job interview with Smallpdf for a Cloud Security Engineer position. During the interview process, I began to use Smallpdf as a service to “play” with it, and being a web application that renders PDF files, I tried to exploit PDF files to inject arbitrary Javascript code....

Italy is facing dark days because of coronavirus and there is a lot of disinformation about this topic, especially on messaging apps and social networks (the journalist Jane Lytvynenko is collecting and debunking a large number of fake news about COVID-19). Last week (03/12) China sent a team of doctors and equipment for Italian hospitals, a part of which Italy will pay for. The Chinese Embassy in Italy reported the news on Twitter and – during these particular days – their Twitter account is particular active....

During last spring (2019) I started to “open and read” the Android applications before installing them. Reversing an APK file can be interesting to understand how an app works, how it manages the permissions and my data, if there are vulnerabilities. I was looking for a different Android mail client, so I started to reverse them and I found many mail clients on Play Store were - maybe are - vulnerable to Javascript injection....

Some days ago the journalist Charlotte Godart contacted me and asked me to explain how to use my script tweet_analysis.py. Her goal was to convert Twitter datasets about Chinese propaganda into graphs, so that people can see how the Chinese government operates on Twitter to influence their opinion. While helping her I had the possibility to take a look at these datasets and they are intriguing, very different from the Internet Research Agency dataset....

This is the third and last post about the Internet Research Agency dataset, which was shared by Twitter in October 2018. In Part II I have focused on the European situation – especially in Germany, Italy, France and Spain – to understand if the Russian government might have tried to spread disinformation as it did in the US. In this post I want to focus on Italy and answer to the question: has the Internet Research Agency tried to manipulate information in Italy?...