Dear Infosec people who have looked at XML and XXE before: I am trying to get an understanding of Blind XXE. Many of the descriptions I find are lacking an important detail which makes the attack much less practical. Blind XXE works by building an URL which contains content of a file, allowing to exfiltrate content. However, in all my tests, that *only* works if the file contains no newlines, as those are not allowed in URLs. Am I missing something? 🧵

There's a study indicating that a cheap nasal spray that is already on the market (for allergies) can reduce Covid 19 infection risk by ~2/3rd, and also reduce other respiratorial infections. I'm somewhat torn between "too good to be true" and "any reason I shouldn't immediately buy and use this?" Anyone read any insightful (and particularly: skeptical, caveats) takes on it? https://jamanetwork.com/journals/jamainternalmedicine/fullarticle/2838335

Anyone happens to know if there's any easy trick to bypass an Incapsula "security firewall" that thinks downloading with curl/wget is an attack to be prevented? (It's not just the user agent, I tried that.)

In case I know anyone here who's familiar with the finer details of DNS and particularly DNS amplification attacks and their mitigations, I have some questions.