Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
CW: The SQL injection vulnerability isn't important because our code is proprietary so hackers won't find it.
Me: <censored>7 -
https://git.kernel.org/…/ke…/... sure some of you are working on the patches already, if you are then lets connect cause, I am an ardent researcher for the same as of now.
So here it goes:
As soon as kernel page table isolation(KPTI) bug will be out of embargo, Whatsapp and FB will be flooded with over-night kernel "shikhuritee" experts who will share shitty advices non-stop.
1. The bug under embargo is a side channel attack, which exploits the fact that Intel chips come with speculative execution without proper isolation between user pages and kernel pages. Therefore, with careful scheduling and timing attack will reveal some information from kernel pages, while the code is running in user mode.
In easy terms, if you have a VPS, another person with VPS on same physical server may read memory being used by your VPS, which will result in unwanted data leakage. To make the matter worse, a malicious JS from innocent looking webpage might be (might be, because JS does not provide language constructs for such fine grained control; atleast none that I know as of now) able to read kernel pages, and pawn you real hard, real bad.
2. The bug comes from too much reliance on Tomasulo's algorithm for out-of-order instruction scheduling. It is not yet clear whether the bug can be fixed with a microcode update (and if not, Intel has to fix this in silicon itself). As far as I can dig, there is nothing that hints that this bug is fixable in microcode, which makes the matter much worse. Also according to my understanding a microcode update will be too trivial to fix this kind of a hardware bug.
3. A software-only remedy is possible, and that is being implemented by all major OSs (including our lovely Linux) in kernel space. The patch forces Translation Lookaside Buffer to flush if a context switch happens during a syscall (this is what I understand as of now). The benchmarks are suggesting that slowdown will be somewhere between 5%(best case)-30%(worst case).
4. Regarding point 3, syscalls don't matter much. Only thing that matters is how many times syscalls are called. For example, if you are using read() or write() on 8MB buffers, you won't have too much slowdown; but if you are calling same syscalls once per byte, a heavy performance penalty is guaranteed. All processes are which are I/O heavy are going to suffer (hostings and databases are two common examples).
5. The patch can be disabled in Linux by passing argument to kernel during boot; however it is not advised for pretty much obvious reasons.
6. For gamers: this is not going to affect games (because those are not I/O heavy)
Meltdown: "Meltdown" targeted on desktop chips can read kernel memory from L1D cache, Intel is only affected with this variant. Works on only Intel.
Spectre: Spectre is a hardware vulnerability with implementations of branch prediction that affects modern microprocessors with speculative execution, by allowing malicious processes access to the contents of other programs mapped memory. Works on all chips including Intel/ARM/AMD.
For updates refer the kernel tree: https://git.kernel.org/…/ke…/...
For further details and more chit-chats refer: https://lwn.net/SubscriberLink/...
~Cheers~
(Originally written by Adhokshaj Mishra, edited by me. )
22 -
Alright fuck it, let's release this fucker!
https://lynkz.me is the main domain. The interface is *usable* and nothing more than that. I'll invest more time in that soon but for now, hey, it works.
Api is located at https://api.lynkz.me.
Documentation for this (literally some echoes to the screen but it contains the needed information for now) is at that api url.
Found a bug or a security vulnerability? Please let me know!
Yeah I use mariadb but sql injection is luckily not possible due to quite some sanitization ;)
WARNING: if you make a shortened url and forget the delete key, you won't be able to delete it.
Let's see how this goes 😅111 -
A fellow intern recommended the use of windows server for security and speed reasons.
Few details about the situation: windows server got hacked due to a vulnerability which had no patch released yet and this had happened multiple times that year. Also, the company was migrating everything to Linux (servers).
The senior/lead programmer literally gave him a GTFO face and pointed at the door.
Everyone was giving him the GTFO face by the way, he didn't know how fast he had to get out 🤣8 -
*Facebook Hackers follow the Rules*
(real story)
TL;DR: sorry, not available, can't do spoilers
One night I was with a group of friends out at a pub. A guy and his girlfriend show up, I didn't know them but they were my friend's friends.
The girl kept bragging the whole time about his boyfriend being a professional programmer, trying to remind it to everybody whenever possible (don't ask me why!).
So, after a while, the discussion moves towards "suspect Facebook activities" and the guy starts saying that he can hack Facebook.
- "What do you mean?", I ask.
- "Hacking into other people's accounts, even with 2 factor authentication. I did it a lot of times"
- "Wait, and they don't notice?"
- "Of course not! ^_^ He's a hacker", the girl replies.
Ok, time to do a coming out.
- "Hey, I'm a developer myself. Can you give me an idea of what you did in technical terms? Did you find a vulnerability? Used a virus? Maybe a keylogger?"
- "No... Uh... Well... The secret is to read the terms of service"
- "What?"
- "Yes... yes it's all in the facebook terms of service..."
- "Uhm, I'm not really sure I'm following. Could you prove it by hacking my Facebook account? I'm giving you the permission".
In less than a minute the discussion flew completely away and they never mentioned computers again.
😂😂8 -
⚠️ DEVRANTRON ALERT ⚠️
Make sure you've updated devRantron to v.1.3.6 since previous versions contains an XSS vulnerability.
<b>If this text is BOLD you're vulnerable.</b>
You can download the latest version at https://github.com/tahnik/...20 -
A quite severe vulnerability was found in Skype (at least for windows, not sure about other systems) allowing anyone with system access (remote or local) to replace the update files skype downloads before updating itself with malicious versions because skype doesn't check the integrity of local files. This could allow an attacker to, once gaining access to the system, 'inject' any malicious DLL into skype by placing it in the right directory with the right file name and waiting for the user to update (except with auto updates of course).
From a company like Microsoft, taking in mind that skype has hundreds of millions of users worldwide, I'd expect them to take a very serious stance on this and work on a patch as soon as possible.
What they said about this: they won't be fixing it anytime soon as it would require a quite big rewrite of skype.
This kinda shit makes me so fucking angry, especially when it comes from big ass companies 😡. Take your fucking responsibility, Microsoft.16 -
The awesome moment when a client claims that you are nothing but a script kiddy only minutes before you reveal a $1400 vulnerability on his site 😂4
-
Security tester: Injects XSS into a rich text editor and flags it for a vulnerability.
"Oh that's fine, let's just disable right click on our page so no one can inspect the page and inject anything."
...
My boss ladies and gentlemen.9 -
Corporate IT: YOU MUST COME INTO THE OFFICE. WE JUST RECEIVED AN URGENT NOTIFICATION FROM APPLE OF A SECURITY VULNERABILITY IN iOS DEVICES. YOU HAVE BEEN IDENTIFIED AS HAVING A MAC ASSET. COME INTO THE OFFICE IMMEDIATELY AND UPDATE IT.
Dev: I don’t use that mac, it sits in my office desk drawer unplugged. I’ll update it if I ever need it for anything. Which I won’t, we don’t do iOS dev anymore.
Corporate IT: NOOOOO!!! YOU MUST UPDATE IT NOW!!!
Dev: I’m not wasting time driving into the office this week. We have an important deadline we’re working on, I can’t afford to lose 2 hours to this. Plus it can’t be turned on right now, It’s been unplugged for 2 years.
Corporate IT: THAT WOULDN’T STOP A HACKER!!
Dev: …11 -
This happened at my last internship. There was this other intern and he was a TO THE FUCKING MAX windows fanboy and whenever someone said something bad about windows he'd go full rage. Also, he'd sometimes spend half an hour at my desk explaining why windows was the best and Linux sucked.
This one time, I read about a newly discovered windows vulnerability and told the employees so they'd update quickly and they were like ' thanks for the notification mate!' And then that guy came up to me telling that 'Linux also has severe vulnerabilities sometimes'. YES I FUCKING KNOW THAT I'M JUST TRYING TO GET PEOPLE TO UPDATE FOR THEIR SECURITY YOU FUCKING ASSHAT. I got really mad. Still, fuck that guy.9 -
A group of Security researchers has officially fucked hardware-level Intel botnet officially branded as "Intel Management Engine" they did so by gathering it all the autism they were able to get from StackOverflow mods... though they officially call it a Buffer Overflow.
On Wednesday, in a presentation at Black Hat Europe, Positive Technologies security researchers Mark Ermolov and Maxim Goryachy plan to explain the firmware flaws they found in Intel Management Engine 11, along with a warning that vendor patches for the vulnerability may not be enough.
Two weeks ago, the pair received thanks from Intel for working with the company to disclose the bugs responsibility. At the time, Chipzilla published 10 vulnerability notices affecting its Management Engine (ME), Server Platform Services (SPS), and Trusted Execution Engine (TXE).
The Intel Management Engine, which resides in the Platform Controller Hub, is a coprocessor that powers the company's vPro administrative features across a variety of chip families. It has its own OS, MINIX 3, a Unix-like operating system that runs at a level below the kernel of the device's main operating system.
It's a computer designed to monitor your computer. In that position, it has access to most of the processes and data on the main CPU. For admins, it can be useful for managing fleets of PCs; it's equally appealing to hackers for what Positive Technologies has dubbed "God mode."
The flaws cited by Intel could let an attacker run arbitrary code on affected hardware that wouldn't be visible to the user or the main operating system. Fears of such an attack led Chipzilla to implement an off switch, to comply with the NSA-developed IT security program called HAP.
But having identified this switch earlier this year, Ermolov and Goryachy contend it fails to protect against the bugs identified in three of the ten disclosures: CVE-2017-5705, CVE-2017-5706, and CVE-2017-5707.
The duo say they found a locally exploitable stack buffer overflow that allows the execution of unsigned code on any device with Intel ME 11, even if the device is turned off or protected by security software.
For more of the complete story go here:
https://blackhat.com/eu-17/...
https://theregister.co.uk/2017/12/...
I post mostly daily news, commentaries and such on my site for anyone that wish to drop by there
19 -
It's funny, whenever the subject of facebook vs privacy comes up (mostly I don't even initiate those convo's), people always start to defend facebook when I say that I THINK that facebook is build to get people addicted to it and get them to stay on facebook as long as possible.
Haha, one of facebook's early investers/ex facebook presidents said the following in an interview:
“It’s a social-validation feedback loop, exactly the kind of thing that a hacker like myself would come up with, because you’re exploiting a vulnerability in human psychology.”
So even an ex president of facebook is admitting this.
I also found the folloing a good one:
The underlying thought process while creating platforms like Facebook or Instagram is something like “How do we consume as much of your time and conscious attention as possible?”
Last but not least, the part I found the most scary:
“God only knows what it’s doing to our children’s brains.”
Yes, I find this scary.
Oh yeah and for the people who are going to call bullshit on this one, I've got one source and if you search engine on the title of that article then you'll find loads of websites having that story:
https://fossbytes.com/facebook-was-...26 -
So WPA2 has been broken.
That's quite a bad news coming so shortly after the BlueBourne vulnerability was discovered
Read more here if interested:
https://www.krackattacks.com/9 -
!rant
The change log from notepad++ update. The last paragraph is the cream!
" The issue of a hijacked DLL concerns scilexer.dll (needed by Notepad++) on a compromised PC, which is replaced by a modified scilexer.dll built by the CIA. When Notepad++ is launched, the modified scilexer.dll is loaded instead of the original one.
It doesn't mean that CIA is interested in your coding skill or in your sex message content typed in Notepad++, but rather it prevents raising any red flags while the DLL does data collection in the background.
It's not a vulnerability/security issue in Notepad++, but for remedying this issue, from this release (v7.3.3) forward, notepad++.exe checks the certificate validation in scilexer.dll before loading it. If the certificate is missing or invalid, then it just won't be loaded, and Notepad++ will fail to launch.
Checking the certificate of DLL makes it harder to hack. Note that once users’ PCs are compromised, the hackers can do anything on the PCs. This solution only prevents from Notepad++ loading a CIA homemade DLL. It doesn't prevent your original notepad++.exe from being replaced by modified notepad++.exe while the CIA is controlling your PC.
Just like knowing the lock is useless for people who are willing to go into my house, I still shut the door and lock it every morning when I leave home. We are in a f**king corrupted world, unfortunately. "2 -
A critical vulnerability was detected in Electron and I urge all the devRantron users to update their app manually.
Please go to https://www.devrantron.com get the latest version which has the necessary patches.
Due to a request, we added compact mode in the app, which can be used to view a distraction-free mode of the UI. Notifications screen is a little bit more readable now. The read notifications are now greyed out.
Again, the auto update will not work for this version. Please manually update as soon as possible.
6 -
--- URGENT: Major security flaw in Kubernetes: Update Kubernetes at all costs! ---
Detailed info: https://github.com/kubernetes/...
If you are running any unpatched versions of Kubernetes, you must update now. Anyone might be able to send commands directly to your backend through a forged network request, without even triggering a single line in the log, making their attack practically invisible!
If you are running a version of Kubernetes below 1.10... there is no help for you. Upgrade to a newer version, e.g. 1.12.3.
26 -
Long story short, I'm unofficially the hacker at our office... Story time!
So I was hired three months ago to work for my current company, and after the three weeks of training I got assigned a project with an architect (who only works on the project very occasionally). I was tasked with revamping and implementing new features for an existing API, some of the code dated back to 2013. (important, keep this in mind)
So at one point I was testing the existing endpoints, because part of the project was automating tests using postman, and I saw something sketchy. So very sketchy. The method I was looking at took a POJO as an argument, extracted the ID of the user from it, looked the user up, and then updated the info of the looked up user with the POJO. So I tried sending a JSON with the info of my user, but the ID of another user. And voila, I overwrote his data.
Once I reported this (which took a while to be taken seriously because I was so new) I found out that this might be useful for sysadmins to have, so it wasn't completely horrible. However, the endpoint required no Auth to use. An anonymous curl request could overwrite any users data.
As this mess unfolded and we notified the higher ups, another architect jumped in to fix the mess and we found that you could also fetch the data of any user by knowing his ID, and overwrite his credit/debit cards. And well, the ID of the users were alphanumerical strings, which I thought would make it harder to abuse, but then realized all the IDs were sequentially generated... Again, these endpoints required no authentication.
So anyways. Panic ensued, systems people at HQ had to work that weekend, two hot fixes had to be delivered, and now they think I'm a hacker... I did go on to discover some other vulnerabilities, but nothing major.
It still amsues me they think I'm a hacker 😂😂 when I know about as much about hacking as the next guy at the office, but anyways, makes for a good story and I laugh every time I hear them call me a hacker. The whole thing was pretty amusing, they supposedly have security audits and QA, but for five years, these massive security holes went undetected... And our client is a massive company in my country... So, let's hope no one found it before I did.6 -
10 years ago, I found a vulnerability in the connection between an insurer I was working for, and the network of databases of municipalities. I was only a hacker in so far as kids who watched Hak5 are considered hackers, so I always carried this laptop with a fake access point, package sniffer, wep crack, sslstrip, etc with me.
The vulnerabilities allowed me to register a new identity, for which I requested a passport.
Walking up to the town hall desk with two passports with different names, both mine, was pretty cool.
I did not do anything malicious, and was hired to fix the issues (wep encryption on insurers trusted wifi, and municipality postgres gave write access to all third parties)
For a few days I was the coolest kid in school though!2 -
Forgive me father, for I have sinned. Alot actually, but I'm here for technical sins. Okay, a particular series of technical sins. Sit your ass back down padre, you signed up for this shit. Where was I? Right, it has been 11429 days since my last confession. May this serve as equal parts rant, confession, and record for the poor SOB who comes after me.
Ended up in a job where everything was done manually or controlled by rickety Access "apps". Many manhours were wasted on sitting and waiting for the main system to spit out a query download so it could be parsed by hand or loaded into one of the aforementioned apps that had a nasty habit of locking up the aged hardware that we were allowed. Updates to the system were done through and awful utility that tended to cut out silently, fail loudly and randomly, or post data horrifically wrong.
Fuck that noise. Floated the idea of automating downloads and uploads to bossman. This is where I learned that the main system had no SQL socket by default, but the vendor managing the system could provide one for an obscene amount of money. There was no buy in from above, not worth the price.
Automated it anyway. Main system had a free form entry field, ostensibly for handwriting SELECT queries. Using Python, AutoHotkey, and glorified copy-pasting, it worked after a fashion. Showed the time saved by not having to do downloads manually. Got us the buy in we needed, bigwigs get negotiating with the vendor, told to start developing something based on some docs from the vendor. Keep the hacky solution running as team loves not having to waste time on downloads.
Found SQLi vulnerability in the above free form query system, brought it up to bossman to bring up the chain. Vulnerability still there months later. Test using it for automated updates. Works and is magnitudes more stable than update utility. Bring it up again and show the time we can save exploiting it. Decision made to use it while it exists, saves more time. Team happier, able to actual develop solutions uninterrupted now. Using Python, AutoHotkey, glorified copy-pasting, and SQLi in the course of day to day business critical work. Ugliest hacky thing I've ever caused to exist.
Flash forward 6 years. Automation system now in heavy use acrossed two companies. Handles all automatic downloads for several departments, 1 million+ discrete updates daily with alot of room for expansion, stuff runs 24/7 on schedule, most former Access apps now gone and written sanely and managed by the automation system. Its on real hardware with real databases and security behind it.
It is still using AutoHotkey, copy-paste, and SQLi to interface with the main system. There never was and never will be a SQL socket. Keep this hellbeast I've spawned chugging along.
I've pointed out how many ways this can all go pearshaped. I've pointed out that one day the vendor will get their shit together they'll come in post system update and nothing will work anymore. I've pointed out the danger in continuing to use the system with such a glaring SQLi vulnerability.
Noone cares. Won't be my problem soon enough.
In no particular order:
Fuck management for not fighting for a good system interface
Fuck the vendor for A) not having a SQL socket and B) leaving the SQLi vulnerability there this long
Fuck me for bringing this thing into existence5 -
I once had to literally hack a Joomla 1.5.x site for a client, because they did not find the passwords (hosting, cms, ftp, mysql). After 5 minutes and a SQL injection I was in like flynn.
The site was already full of hidden links to viagra sellers and stuff... 😂1 -
Darn it, I was having such a good day. Just sitting over here in sysadmin land watching the Java devs tear their hair out over the Log4j vulnerability, when someone just had to ask me about the Jenkins servers my team maintains.
Jenkins doesn't use Log4j! What a relief!
Jenkins does, however, have third-party plugins, some of which use Log4j. And thus my relief was short-lived and now I'm also tearing out my hair trying to patch this shit.17 -
What an absolute fucking disaster of a day. Strap in, folks; it's time for a bumpy ride!
I got a whole hour of work done today. The first hour of my morning because I went to work a bit early. Then people started complaining about Jenkins jobs failing on that one Jenkins server our team has been wanting to decom for two years but management won't let us force people to move to new servers. It's a single server with over four thousand projects, some of which run massive data processing jobs that last DAYS. The server was originally set up by people who have since quit, of course, and left it behind for my team to adopt with zero documentation.
Anyway, the 500GB disk is 100% full. The memory (all 64GB of it) is fully consumed by stuck jobs. We can't track down large old files to delete because du chokes on the workspace folder with thousands of subfolders with no Ram to spare. We decide to basically take a hacksaw to it, deleting the workspace for every job not currently in progress. This of course fucked up some really poorly-designed pipelines that relied on workspaces persisting between jobs, so we had to deal with complaints about that as well.
So we get the Jenkins server up and running again just in time for AWS to have a major incident affecting EC2 instance provisioning in our primary region. People keep bugging me to fix it, I keep telling them that it's Amazon's problem to solve, they wait a few minutes and ask me to fix it again. Emails flying back and forth until that was done.
Lunch time already. But the fun isn't over yet!
I get back to my desk to find out that new hires or people who got new Mac laptops recently can't even install our toolchain, because management has started handing out M1 Macs without telling us and all our tools are compiled solely for x86_64. That took some troubleshooting to even figure out what the problem was because the only error people got from homebrew was that the formula was empty when it clearly wasn't.
After figuring out that problem (but not fully solving it yet), one team starts complaining to us about a Github problem because we manage the github org. Except it's not a github problem and I already knew this because they are a Problem Team that uses some technical authoring software with Git integration but they only have even the barest understanding of what Git actually does. Turns out it's a Git problem. An update for Git was pushed out recently that patches a big bad vulnerability and the way it was patched causes problems because they're using Git wrong (multiple users accessing the same local repo on a samba share). It's a huge vulnerability so my entire conversation with them went sort of like:
"Please don't."
"We have to."
"Fine, here's a workaround, this will allow arbitrary code execution by anyone with physical or virtual access to this computer that you have sitting in an unlocked office somewhere."
"How do I run a Git command I don't use Git."
So that dealt with, I start taking a look at our toolchain, trying to figure out if I can easily just cross-compile it to arm64 for the M1 macbooks or if it will be a more involved fix. And I find all kinds of horrendous shit left behind by the people who wrote the tools that, naturally, they left for us to adopt when they quit over a year ago. I'm talking entire functions in a tool used by hundreds of people that were put in as a joke, poorly documented functions I am still trying to puzzle out, and exactly zero comments in the code and abbreviated function names like "gars", "snh", and "jgajawwawstai".
While I'm looking into that, the person from our team who is responsible for incident communication finally gets the AWS EC2 provisioning issue reported to IT Operations, who sent out an alert to affected users that should have gone out hours earlier.
Meanwhile, according to the health dashboard in AWS, the issue had already been resolved three hours before the communication went out and the ticket remains open at this moment, as far as I know.5 -
I found a vulnerability in a food delivery app api that allows me to add credit to my account. I ate my first free meal today but i feel bad about it. What should i do 😞.
1- continue hacking free credit and eating free food.
2- stop and forget i found this bug
3- report the bug in exchange for money/credit
4- report the bug for free24 -
Really cool. Tesla gave two hackers that found a vulnerability in the Model 3 free cars as a reward. More companies should do that, instead of getting all pissy. I would hope a company wants to know what their vulnerabilities are so that they can avoid embarrassment and the loss of money.2
-
I think we're going two sides:
For one, more and more technology is being developed/engineered which is even more and more and more intrusive as for personal privacy, I'm genuinely worried how this'll go as privacy isn't just a about not exposing certain things like passwords/bank account details and so on, it's also about being an individual who has their own thoughts, opinions and so on. If we keep taking that away more and more often, society will change and go towards the Orwell scenario (we're on our way there right now). We can change this as software/design/server engineers but that's up to us and I sadly don't see that happening quickly, also due to the 'nothing to hide' bullshit.
Second one is that were going more and more towards open source.
This is a good thing as this:
- gives freedom to devs around the world to improve software and/or modify it to suit their needs.
- gives people the opportunity to look through the source code of softwares in order to verify it as for backdoors and find security vulnerabilities which otherwise can remain hidden for the general public while spying agencies have way more resources to go vulnerability hunting.
For the people who think this isn't a good idea (even more open source), without it we'd be completely fucked as for moving forward/security/privacy. (I can give examples if wanted).3 -
Me: reports vulnerability that can be used to steal thousands of dollars from a company.
Stingy company: gives me 66 USD voucher as a reward. :)11 -
I think the hardest thing about being a programmer in college with a security emphasis is when I approach a business for a penetration test or for a vulnerability analysis (your pick) is that they almost always say, "you are pretty young don't you think?"
Ummmm not sure what that has to do with it. If it would make you feel better I have claimed bug bounties from an antivirus company, a bank, several local businesses in my area and I do this for work at my 9-5.
And this week I got this, "I think I would like someone older so we can define the goals better."
Oh so rules of engagement, yeah of course I understand that and that's something we would discuss and draw up a contract for...
"Well we really need someone more skilled."
---- End of story ----
I don't understand, you haven't asked about certifications or schooling and you glanced at my resume for exactly 5 seconds what the hell do you want? Me to double my age over night?7 -
Well, fuck.
source: https://amdflaws.com
https://wired.com/story/...
Really ugly to release it a day after telling AMD about it
10 -
I make a typo in the username
"username doesn't exist"
I fix the typo and mess up the password
"incorrect password"
... I smell a potential exploit here...7 -
> IHateForALiving: I have added markdown on the client! Now the sys admin can use markdown and it's going to be rendered as HTML
> Team leader: ok, I've seen you also included some pics of the tests you made. It's nice, there's no XSS vulnerabilities, now I want you to make sure you didn't introduce any SQL injection too. Post the results of the tests in the tickets, for everybody to see.
I've been trying to extract from him for 15 minutes how sending a text through a markdown renderer on the client is supposed to create a SQL injection on the server, I've been trying to extract from him how showing all of this to the world would improve our reputation.
I miserably failed, I don't know how the fuck am I supposed to test this thing and if I a colleague wasted time to make sure some client-side rendering didn't create a SQL injection I'd make sure to point and laugh at them every time they open their mouth.9 -
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.9 -
Okay, That right there is pathetic https://thehackernews.com/2019/02/... .
First of all telekom was not able to assure their clients' safety so that some Joe would not access them.
Second of all after a friendly warning and pointing a finger to the exact problem telekom booted the guy out.
Thirdly telekom took a defensive position claiming "naah, we're all good, we don't need security. We'll just report any breaches to police hence no data will be leaked not altered" which I can't decide whether is moronic or idiotic.
Come on boys and girls... If some chap offers a friendly hand by pointing where you've made a mistake - fix the mistake, Not the boy. And for fucks sake, say THANK YOU to the good lad. He could use his findings for his own benefit, to destroy your service or even worse -- sell that knowledge on black market where fuck knows what these twisted minds could have done with it. Instead he came to your door saying "Hey folks, I think you could do better here and there. I am your customes and I'd love you to fix those bugzies, 'ciz I'd like to feel my data is safe with you".
How on earth could corporations be that shortsighted... Behaviour like this is an immediate red flag for me, shouting out loud "we are not safe, do not have any business with us unless you want your data to be leaked or secretly altered".
Yeah, I know, computer misuse act, etc. But there are people who do not give a tiny rat's ass about rules and laws and will find a way to do what they do without a trace back to them. Bad boys with bad intentions and black hoodies behind TOR will not be punished. The good guys, on the other hand, will.
Whre's the fucking logic in that...
P.S. It made me think... why wouldn't they want any security vulns reported to them? Why would they prefer to keep it unsafe? Is it intentional? For some special "clients"? Gosh that stinks6 -
FYI to anyone following the Krack WPA2 vulnerability
A testing suite in python has made its way to github.
https://github.com/vanhoefm/... -
Guess what? 😱 WordPress has probably an SQL injection vulnerability. Check it out and fix your installations, when more info will be known:
https://twitter.com/ircmaxell/...12 -
Anyone hear about the emergency patch that Microsoft just released? Its a RCE vulnerability CVE-2017-11937 which ironically targets all of Microsoft's security products.
Basically when Windows defender scans a specially crafted file the attacker can run code as the LocalSystem. Nice one Microsoft!1 -
> Be chad lodash dev
> new security vulnerability discovered in April
> low
> virgin devs ask to fix https://github.com/lodash/lodash/...
> giving no shit, because lodash stronk https://github.com/lodash/lodash/...
> fast forward now
> NPM lists lodash as vulnerability, because no fix
> 1000s of downstream projects affected
> https://github.com/lodash/lodash/...
> surprised pikachu face10 -
I recently found a vulnerability in a food delivery app where i can add credit to my account. as some of u suggested I decided to report it. Here is their response of me asking (before explaining the bug) if i will be legally prosecuted and if ill be rewarded. this was their response. I feel they were mean. Thoughts ?
11 -
I really wanna share this with you guys.
We have a couple of physical servers (yeah, I know) provided by a company owned by a friend of my boss. One of them, which I'll refer to as S1, hosted a couple of websites based on Drupal 7... Long story short, every php file got compromised after someone used a vulnerability within D7's core to inject malicious code. Whatver, wasn't a project of mine, and no one bothered to do anything about it... The client was even happy about not doing anything about it. We did stop making backups of such websites however, to avoid spreading the damage (right?). So, no one cared about this for months!
But last monday? The physical server was offline. I powered it on again via its web management interface... Dead after less than an hour. No backups. Oh well, I guess I couls keep powering it on to check what's wrong with it and attempt to fix it...
That's when I've learned how the web management interface works: power on/reboot requests prompted actual workers to reach the physical server and press the power on/reboot buttons.
That took a while to sink in. I mean, ok, theu are physical servers... But aren't they managed anyhow? They are just... Whatever. Rebooting over and over wasn't the solution, so I asked if they could move the HDD to another of our servers... The answer was it required to buy a "server installation" package. In short, we'd have had to buy a new physical server, or renew the subscription of one we already owned for 6 months.
So... I've literally spent the rest of the day bothering their emoloyeea to reboot S1, until I've reached the "daily reboot reauests limit" (which amounts to 3 reauests. seriously), whicj magically opened a support ticket where a random guy advised to stop using VNC as "the server was responsive" and offeres to help me with the command line.
Fiiine, I sort of appreciate it. My next message has been a kernel log which shows how the OS dying out was due to physical components becoming unavailable after a while, and how S1 lacked a VNC server, being accessible only via ssh. So, the daily reboot limit was removes for S1. Yay.
...What to do though? S1 was down, we had no backups, and asking for manual rebooting every time was slow as Hell. ....Then I went insane. I asked for 1 more reboot. su. crontab -e. */15 * * * * /sbin/shutdown -r +5. while true; do; rsync --timeout=20 --append S1:/stuff .; sleep 60; done.
It worked. We have now again access to 4 hacked, shitty Drupal 7 websites. My boss stopped shouting. I can get back to my own projects.
Apparently, those D7 websites got back online too, still with malicious php code within them. Well, not my problem (for now).
Meanwhile, S1 is still rebooting.3 -
For all you Googlefags, "Serious Chrome zero-day – Google says update right this minute":
https://nakedsecurity.sophos.com/20...
16 -
DigitalOcean released this public message in response to Intels MDS. Definitely worth reading if you run servers at DO. https://blog.digitalocean.com/may-2...1
-
Reported an important security vulnerability inside our organization, right before getting off work. A security team member contacts me over chat asking for some details on my investigation. At the end, he tells me: "thanks, I will copy and paste this conversation on the ticket so that everyone can see".
What I imagined: he would copy and paste the conversation as is, so that every line written by me is prefixed with my name.
What he does: he writes a summary of our conversation, barely mentioning my name, making it look like that part of the investigation was done by him.
Now I have so much anger inside of me that my internal organs are boiling.6 -
watching the online course for CEH... dude used the Death Star as a tangible example of how exploits work.
IDK if I should love it for the nerdiness, or be slightly sad that someone needs that type of example of what a vulnerability vs an exploit is, when they're going for the Certified Ethical Hacker certification...
Might be better in an introduction to Network Security class?
Also, while discussing the security, usability, and functionality triangle, he reference the Staples "Easy Button" - does one thing, not very secure, and not very functional (in that it has more than one function)...1 -
Paranoia. Programming affected my life by making me paranoid. Creating a new account on any website that even needs rudimentary information about me has to go quite some vulnerability testing since I've seen enough hack jobs that throw around sensitive data because they're too incompetent to follow simple must dos.3
-
I found a vulnerability in a famous financial institute site. So I asked their customer care over email, how can I report it?
They said: "remove your cookies" 🤦9 -
Putty remote executuon vulnerability(no patch yet)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to unspecified input validation error when processing data, received from SSH server. A remote attacker can trick the victim to connect to a specially crafted SSH server and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.7 -
Yet another funny bug for your iPhone friends. Oh Apple...
"The vulnerability can be exploited by loading an HTML page that uses specially crafted CSS code. The CSS code isn't very complex and tries to apply a CSS effect known as backdrop-filter to a series of nested page segments (DIVs)."
https://zdnet.com/article/...7 -
Ya'll know what... If humans weren't such annoying vulnerability-searching little shits then we wouldn't have had to implement any protection against them and think of all the performance that would be saved on that. Take branch prediction vulnerability mitigation in the Linux kernel for example, that's got to make a performance hit of least 10% on basically everything.
Alas, I do get why security is important and why we keep such vulnerability mitigation running despite the performance hit. I get why safe code is necessary but still... if these people weren't such annoying little bastards.
Yeah, I was just kind of set off by the above. So much would be faster and easier if only the programmers wouldn't have to plan for people exploiting their software. Software would be written much faster and humans would progress to stuff that actually matters like innovation.8 -
Do you know the auto-generated heroku sample app? The very complex demo app you automatically get following the tutorial?
It has a vulnerability.
I laughed a lot
2 -
So one of my clients had a different company do a penetrationtest on one of my older projects.
So before hand I checked the old project and upgraded a few things on the server. And I thought to myself lets leave something open and see if they will find it.
So I left jquery 1.11.3 in it with a known xss vulnerability in it. Even chrome gives a warning about this issue if you open the audit tab.
Well first round they found that the site was not using a csrf token. And yeah when I build it 8 years ago to my knowledge that was not really a thing yet.
And who is going to make a fake version of this questionair with 200 questions about their farm and then send it to our server again. That's not going to help any hacker because everything that is entered gets checked on the farm again by an inspector. But well csrf is indeed considered the norm so I took an hour out of my day to build one. Because all the ones I found where to complicated for my taste. And added a little extra love by banning any ip that fails the csrf check.
Submitted the new version and asked if I could get a report on what they checked on. Now today few weeks later after hearing nothing yet. I send my client an email asking for the status.
I get a reaction. Everything is perfect now, good job!
In Dutch they said "goed gedaan" but that's like what I say to my puppy when he pisses outside and not in the house. But that might just be me. Not knowing what to do with remarks like that. I'm doing what I'm getting paid for. Saying, good job, your so great, keep up the good work. Are not things I need to hear. It's my job to do it right. I think it feels a bit like somebody clapping for you because you can walk. I'm getting off topic xD
But the xss vulnerability is still there unnoticed, and I still have no report on what they checked. So I have like zero trust in this penetration test.
And after the first round I already mentioned to the security guy in my clients company and my daily contact that they missed things. But they do not seem to care.
Another thing to check of their to do list and reducing their workload. Who cares if it's done well it's no longer their responsibility.
2018 disclaimer: if you can't walk not trying to offend you and I would applaud for you if you could suddenly walk again.2 -
!rant
Reddit comment on a thread about Joomla! sites being vulnerable to SQL-injections:
"Joomla sites are so infested they became sentient.
Joomla sites needs no webmaster, some one else will administer it for you.
Joomla sites have very good SEO, specially in "v1agra c1alis p3nis size"
Traffic count with Joomla is high, all the bots breaking all the vulnerabilities count for somethin'."
😂 Pure gold.1 -
Holy heavens! I'm gonna work with a js framework at my day job.
After installing nodejs I'm immediately greeted by a warning that something is somehow broken. Installing the packages for the barebones repo leads to hundreds of dependencies and vulnerability warnings. I don't even know anything beyond document.getElementById().
On a scale of 1 to Squidward Tentacles, how much am I gonna hate my job?8 -
"One misstep from developers at Starbucks left exposed an API key that could be used by an attacker to access internal systems and manipulate the list of authorized users," according to the report of Bleeping Computer.
Vulnerability hunter Vinoth Kumar reported and later Starbucks responded it as "significant information disclosure" and qualified for a bug bounty. Along with identifying the GitHub repository and specifying the file hosting the API key, Kumar also provided proof-of-concept (PoC) code demonstrating what an attacker could do with the key. Apart from listing systems and users, adversaries could also take control of the Amazon Web Services (AWS) account, execute commands on systems and add or remove users with access to the internal systems.
The company paid Kumar a $4,000 bounty for the disclosure, which is the maximum reward for critical vulnerabilities.6 -
A few days back I read an article about ethical hacking and get rewarded for bug bounty. I thought that might be interested.
AND
I'm about to send out my first ethical hack report to a company! I'm nervous because I don't know how they'll respond. It's an xss vulnerability, and I really hope they'll fix it.5 -
Today I had a problem with a JS framework. The only person who was available who could help me was the one I avoid, because he always knows everything better.
Well, after I asked if he had time for me, he sits next to me and I started to explain.
After looking around, he started blaming my backend code.
(I belong to the kind of dev that tries to write small and simple code. But I also often use the more complex features of the languages.) He suddenly started accusing everyday things in the backend like inheriting a class or using objects and basic data types together as parameters of a method (WTF???) Hell, all I could say at that moment was that I had a problem with this JS framework and not with the backend that worked well. He probably tried for over an hour to find the bug in the backend and just wouldn't listen, after that he gave up. I wonder what this bitch has learned over the years. Can it really be that he forgot the basics of a programming language? Or has the fool never worked with an inheritance before? I think he's an incapable piece of shit, he hasn't even patched my reported vulnerability in his project in the last half year, which allows to inject own code onto the server.
Because of such fucking morons I get a headache when I think about it. How can it be that he's got a higher degree and earns about 50% more. I should leave this company!3 -
Few months back, I reported a vulnerability in an open source project due to the fake alarm from Github without understanding it's consequences. The author of that project immediately locked, and closed the issue and deleted the detail.
Though he was annoyed with my this act but he taught me a good lesson of responsibility.
https://en.wikipedia.org/wiki/...3 -
Social Captain (a service to increase a user's Instagram followers) has exposed thousands of Instagram account passwords. The company says it helps thousands of users to grow their Instagram follower counts by connecting their accounts to its platform. Users are asked to enter their Instagram username and password into the platform to get started.
According to TechCrunch : Social Captain was storing the passwords of linked Instagram accounts in unencrypted plaintext. Any user who viewed the web page source code on their Social Captain profile page could see their Instagram username and password in plain text, as they had connected their account to the platform. A website bug allowed anyone access to any Social Captain user's profile without having to log in ; simply plugging in a user's unique account ID into the company's web address would grant access to their Social Captain account and their Instagram login credentials. Because the user account IDs were for the most part sequential, it was possible to access any user's account and view their Instagram password and other account information easily. The security researcher who reported the vulnerability provided a spreadsheet of about 10,000 scraped user accounts to TechCrunch.3 -
jQuery < 3.4.0 is a known moderate severity vulnerability now and Github just send me about 20 alert mails for repos which are using jQuery that I had used for side projects.
Like thanks but damn.2 -
Apache Tomcat vulnerability "GHOSTCAT" allows read conduct files and implant web shells. All versions in the last 13 years vulnerable.
According to Security Researcher of Chaitin Tech : Due to a flaw in the Tomcat AJP protocol (the channel for Tomcat to connect to the outside, pass them to the corresponding web application for processing and return the response result of the request), an attacker can read or include any files in the webapp directories of Tomcat.
For example, An attacker can read the web-app configuration files or source code. In addition, if the target web application has a file upload function, the attacker may execute malicious code on the target host by exploiting file inclusion through "GHOSTCAT" vulnerability.
Apache Tomcat has officially released versions 9.0.31, 8.5.51, and 7.0.100 to fix this vulnerability.5 -
A few days ago, I saw a topic from hackernews about Xiaomi phones having a high risk vulnerability because of analytics.apk. I didn't mind it (I'm using a Xiaomi phone).
After about 2 days, I had a notification on my screen having a message 'test' made by my browser.
I immediately installed a firewall blocking all Xiaomi related services.
WTF Xiaomi
3 -
Apple paid bounty hunter 18k instead of 250k by silently tweaking their help page, so it seems like the bug is less severe.
Dear apple, I defended you from baseless and opinionated attacks just like I defend every company that is bashed for no reason, but this is some straight up bouba shit. I will still be fair when it comes to your products, still never silencing bugs and downsides and praising what deserves to be praised, but I will always mention this incident when someone asks me about _working_ at apple. That kind of ethics bs can't be silenced just because I enjoy your new arm chip.
https://thezerohack.com/apple-vulne...12 -
PSA: If you use jQuery and BlueImp's jQuery File Upload there is a big potential vulnerability you need to be aware of. If you use NPM to pull the repo into your public folder, the "server" folder will be available for people to take advantage of. "Hackers" may be able to upload malicious code and replace parts of your site.
I had a site hacked and later saw on Google Analytics that people were posting to random URLs in that folder. The fix is to simply delete that folder, but if you use NPM, you need to be extra careful it doesn't come back.
Also, I didn't investigate further. So I'm not sure what (if anything) is vulnerable in there, or if it was just the specific version I had. To be safe, if you use this plugin (as MANY people do), just delete the folder.
Link to the repo for your reference: https://github.com/blueimp/...
4 -
I don't know who I hate more, regular thieves or crackers.
I think the second ones more, because they don't even have the balls to risk in person…
To whoever decided to throw away one week of my life, which I spent in a dark office in July importing a fucking WordPress website, FUCK OFF!
I fucking hate WordPress, I fucking hate migrate websites with it and also dealing with incompatibilities in 30+ plugins and templates that doesn't work properly (Avada, best seller? For being shitty maybe), and now every time I will have to do it I will think about how much I hate you, the bastard who decided to drop those shitty database tables.
And I'm sorry but we won't send you bitcoins just because you watched a tutorial on YouTube and used a vulnerability in phpMyAdmin, so the only think you earned is my hate for you!6 -
The one thing more annoying than my girlfriend is the chain of mail I get from Github saying,
"One of your dependencies has a security vulnerability."5 -
FUUCCKKKK!! I need to hit smth. Or rant..
So that flaky ec2 issue.. These ec2s act as a shared environment for multiple apps. Our app is one of them. I have no access to those ec2s at all.
What I have access to is my app and some monitoring. Now the app randomly starts lagging while nearly idling. At the same random times monitoring stops completely and doesn't come back up. This happens to random app instances at random times.
Reached out to infra support, managed to get attention from the big boys [mgmt]. Today we got the fix deployed. I test it out -- problem persists.
I find this behaviour somewhat familiar. Managed to get some server stats from infra folks. Apparently cpu% is high as well as load avg [cpu queue]. Bingo! I know how to fix it!
So I write a long comment w/ all the commands and all the 'if that, do this'. Send it to one of the infra technitians
and I get a reply: 'we will apply cpu usage limitations to fix the issue'
wait... Cpu% limitations will do nothing but highlight the underlying problem...
'no, instances have high cpu utilisation which is causing those lags. We will limit cpu resources and it will be fixed'
oh ffs... Cpu utilization and cpu queue are VERY different things.. I tried explaining that to them like 7-9 times. And all I get is:
'yes, cpu utilization is the problem. We will limit it and solve the problem'
I would surely escalate all of this through higher channels if only I could get my hands on those ec2s and have a proof. But that is not happening and I'm forced to sit back and watch them break things even worse until they are out of options and mark my query as 'wont fix'....
Fuck that's frustrating....
*thinking to myself* so I've read about that new vulnerability 2 days ago that allows one to escape from docker container to the host... What if <...>4 -
I've been interested in security for years but despite knowing the theory I've always had this disconnect with actually doing it, about two years ago I finally managed to find and exploit my first cross-site scripting vulnerability in my companies Product whilst doing some routine acceptance testing. It was a penny drop moment for me which has led to some very interesting projects and It was pretty badass.
-
I just found a vulnerability in my companies software.
Anyone who can edit a specific config file could implant some SQL there, which would later be executed by another (unknowing) user from within the software.
The software in question is B2B and has a server-client model, but with the client directly connecting to the database for most operations - but what you can do should be regulated by the software. With this cute little exploit I managed to drop a table from my test environment - or worse: I could manipulate data, so when you realize it it's too late to simply restore a DB backup because there might have been small changes for who knows how long. If someone was to use this maliciously the damages could be easily several million Euros for some of our customers (think about a few hundred thousand orders per day being deleted/changed).
It could also potentially be used for data exfiltration by changing protection flags, though if we're talking industry espionage they would probably find other ways and exploit the OS or DB directly, given that this attack requires specific knowledge of the software. Also we don't promise to safely store your crabby patty recipe (or other super secret secrets).
The good thing is that an attack would only possible for someone with both write access to that file and insider knowledge (though that can be gained by user of the software fairly easily with some knowledge of SQL).
Well, so much for logging off early on Friday.5 -
First of all, a great channel to follow and where all this is from: https://youtube.com/watch/...
It listed a lot of open source news I missed myself and I'm sure others did too, for those that are too lazy to watch the video or open the description, I've stripped away the links and "X version got released" just to give an idea of what he covers.
------------------
GNOME and KDE announced they would work together on building better Linux desktops at Linux App Summit.
XRDesktop, a VR enabled Linux desktop, will allow you to use your Linux programs while wearing your VR headset.
Responding to the european commission's fines, Google announced that it would allow other search engines to be present at Android's setup.
Manjaro will allow users to pick between FreeOffice, Libre Office, or no office suite at all.
The Igalia team announced that they are working to make Pitivi compatible with Final Cut Pro X
Microsoft might be bringing its Teams software to Linux.
Martin Wimpress from the Canonical SnapCraft team gave an interview to TechRepublic, on Snaps
A discussion took place on how to improve Linux desktop performance in low ram scenarios.
A KDE vulnerability has been outed publicly before notifying the developers.
Nvidia has open sourced a bunch of documentation for its GPUs
Linux Journal announced they would cease their publication.
Kdenlive 19.08 has been released, bringing 3 point editing and a bunch of keyboard shortcuts
The Linux on Dex project now allows to run Ubuntu 16.04 LTS on a samsung smartphone.
According to protondb, we passed the 6000 playable games mark, out of 9 thousand for which users have created a report
GNOME Feeds has been released on flathub, a simple app to read RSS feeds on GNOME
The enlightenment desktop released its first version in 2 years, enlightenment 0.23.0.
Linux celebrated its 28th birthday
Microsoft announced that they would bring exFAT support to the linux kernel.
Thundebird 68 was released with an interface redesign
Collabora has published an update on their work on viglrenderer, a solution to emulate a gpu while using a virtual machine through Qemu.7 -
The feel when you remember you have left any vulnerability in your code.
a wired wave arise in your body.1 -
My new colegue at work was tasked with getting familiar with some Java code that had security vulnerability. He complained about slow build time for the first hour and then I stopped paying attention. At the end of day I checked on him and was like wtf how are you still trying to build this.
Turns out he ran Gradle task bootRun and watched logs of working app for 8 hours because he thought that's build xD -
So recently a 0-day exploit was discovered in WP plugin Kaswara Modern WP Bakery Page (https://zdnet.com/article/...).
A customer's shared hosting space was taken down (about 6 websites) after this vulnerability had been exploited and although we removed the malicious code, & changed credentials the hosting company demands we update ALL Wordpress plugins to latest AND provide them a virus scan report of our local PC before putting the webspace back online??? WTF???
That just strikes me as outrageous. Thoughts?
10 -
security fiasco due to a malicious npm package:
Because of a bitcoin miner present in event-stream npm module (https://bleepingcomputer.com/news/...), my entire team and I had to scan all our nodejs apps, repos and the most excruciating one, all node_modules folders across all our dev machines and servers, to see if event-stream and flatmap-stream is present, then not just delete it but update a bu**load of upstream dependencies which internally used event-stream. All due to one malicious package which was hidden several layers beneath.
And, this happened almost 8 months after the aforesaid vulnerability was first found.9 -
Just mirrored sudo to my own Gitea instance yesterday (https://git.ghnou.su/mir/sudo). Turns out that this chonkster is 200MB compressed (LZ4 on ZFS). I am baffled by it... All it needs to do is reading a configuration file describing what users can be elevated, to which user and which commands they can run. Perhaps doas wasn't a bad idea after all?
Oh and it got a privilege escalation vulnerability just yesterday (https://security-tracker.debian.org/...), which is why I got interested in it. Update your sudo packages if you haven't already.11 -
Attention guys and gals! If you are using grafana in your home setup, update it asap to 4.6.4 or 5.2.3. versions before those two are affected by an authentication bypass vulnerability. CVE 2018-15727
In the meanwhile, my nginx config is blocking everything but the LAN ips :) -
- I do threat intel.
- Oh yeah? Name 4 critical vulnerabilities.
- Fortinet.
- That's on me, I set the bar too low.
1 -
So theoretically all it takes are 12 libes of Python for arbitrary Code Execution on a Windows system.
'Theoretically', because it loads Kernel Drivers, which any half decent antivirus can detect and block.
http://feedproxy.google.com/~r/...
https://github.com/zerosum0x0/...1 -
our website got hacked somebody downloaded the whole source code and sent an email to us.
seems like that person would demand ransom or anything.
We still can't find where is the door ( vulnerability ) through which he pulled all files.17 -
I reached out to a developer who's site was being contracted out to Amazon devs, because when their site launched it had a couple of security issues. This was his response:
"An additional thought/opinion... Just because a college freshman from Arizona wasn't too hungover to make the effort to notify us and take the liberty of classifying this as a security issue for us doesn't mean we need to take their word for it."5 -
Apple’s Vision Pro Hacked On Launch Day
Just within hours of Apple releasing its much-hyped mixed reality headset, Apple Vision Pro, a security researcher was able to discover a critical kernel vulnerability in the device’s software – visionOS, which, if exploited, could potentially enable jailbreaks and malware attacks. More detail:
https://aprogrammerlife.com/top-rat...
7 -
Don't need Netflix when you have a production deployment right before a long weekend. It has failed since last two weeks due to vulnerabilities present in one of libraries(P.S. FUCK JAVASCRIPT and Post release vulnerability scans!). You have rewritten the whole functionality from scratch twice! Security gates finally open for you, welcoming with arms wide open. So you click Deploy! DAFUQ!! FUCK MY LIFE! Deployment failed! It's only a 3 hour window to deploy! You frantically re-review your code, is it me?? Not again!! It isn't! Well, why is the deployment failing, you work against the clock. Going through configs, code, documentation! WTF is it?? Should I give up and raise a support ticket? Nope! You login to the server, sifting through logs and configs, there's a couple of other tickets with today's deadline. What are you going to do? And you get a hint! You take the hunch, change the config 5 minutes before deadline!
Get merge request approved, wait for the build, hit DEPLOY!! Nail biting 3 minutes! Your eyes fixed on the logs! Building..... Pushing instances..... Starting App..... SUCCESS!!! Finish the remaining tickets! Your long weekend still exists!3 -
Not a good year for Intel, is it? First the two Spectre variants and Meltdown, now the AMT vulnerability.
/Hugs his AMD systems while unplugging the Intel ones.7 -
Old unused military satellite to make international calls free. Local tv station to leak episodes. 4500 hosts zombie net with autoreplicant bots that scans for vulnerability to populate the net to do distributed denial of service attacks. Jumper on the neighborhood cabin to redirect the school's call for being absent, an older friend pretended to be my father.
-
I'm a fullstack engineer, this period there is literally nothing to do, we are a 1000+ employees company.
I got so bored I toke over the database of our production server two times in a week, exploiting dumb vulnerabilities I discovered out of boredom, of course I reported everything.
The funny thing is that they just don't care, no one took action or is willing to fix it and they actually insulted me because I set a query in sleep for 8 minutes exploiting one of the vulnerabilities.
I work for a great company that hosts (in this very server) most italian citizens informations C: free to take for everyone c:5 -
Everybody when a forced update is released: "I hate forced updates!! They can't force me to do shit!!"
Everybody when a massive ransomware attack happens: "You should've updated when the update came out, so you aren't vulnerable!"
If they made the fix for the WannaCry vulnerability forced, the attack wouldn't have been as big as it was.
Confession: I wish they made more forced updates :/
Also, I'll probably get a lot of hate about this...3 -
just found out a vulnerability in the website of the 3rd best high school in my country.
TL;DR: they had burried in some folders a c99 shell.
i am a begginer html/sql/php guy and really was looking into learning a bit here and there about them because i really like problem solving and found out ctfs mainly focus on this part of programming. i am a c++ programmer which does school contest like programming problems and i really enjoy them.
now back on topic.
with this urge to learn more web programming i said to myself what other method to learn better than real life sites! so i did just that. i first checked my school site. right click. inspect element. it seemed the site was made with wordpress. after looking more into the html code for the site i concluded all the images and files i could see on the site were from a folder on the server named 'wp-content/uploads'. i checked the folder. and here it got interesting. i did a get request on the site. saw the details. then i checked the site. bingo! there are 3 folders named '2017', '2018', '2019'. i said to myself: 'i am god.'
i could literally see all the announcements they have made from 2017-2019. and they were organised by month!!! my curiosity to see everything got me to the final destination.
with this adrenaline i thought about another site. in my city i have the 3rd most acclaimed high school in the country. what about checking their security?
so i typed the web address. looked around. again, right click, inspect element and looked around the source code. this time i was more lucky. this site is handmade!!! i was soooo happy because with my school's site i was restricted with what they have made with wordpress and i don't have much experience with it.
amd so i began looking what request the site made for the logos and other links. it seemed all the other links on the site were with this format: www.site.com/index.php?home. and i was very confused and still am. is this referencing some part of the site in the index.php file? is the whole site written inside the index.php file and with the question mark you just get to a part of the site? i don't really get it.
so nothing interesting inside the networking tab, just some stylesheets for the site's design i guess. i switched to the debugger tab and holy moly!! yes, it had that tree structure. very familiar. just like a project inside codeblocks or something familiar with it. and then it clicked me. there was the index.php file! and there was another folder from which i've seen nothing from the network tab. i finally got a lead!! i returned in the network tab, did a request to see the spgm folder and boooom a site appeared and i saw some files and folders from 2016. there was a spgm.js file and a spgm.php file. there was a contrib, flavors, gal and lang folders. then it once again clicked me! the lang folder was las updated this year in february. so i checked the folder and there were some files named lang with the extension named after their language and these files were last updated in 2016 so i left them alone. but there was this little snitch, this little 650K file named after the name of the school's site with the extension '.php' aaaaand it was last modified this year!!!! i was so excited! i thought i found a secret and different design of the site or something completely else! i clicked it and at first i was scared there was this black/red theme going on my screen and something was a little odd. there were no school announcements or event, nononoooo. this was still a tree structured view. at the top of the site it's written '!c99Shell v. 1.0...'
this was a big nono. i saw i could acces all kinds of folders. then i switched to the normal school website and tried to access a folder i have seen named userfiles and got a 403 forbidden error. wopsie. i then switched to the c99 shell website and tried to access the userfiles folder and my boy showed all of its contents. it was nakeeed naked. like very naked. and in the userfiles folder there were all, but i mean ALL files and folders they have on the server. there were a file with the salary of each job available in the school. some announcements. there was a list with all the students which failed classes. there were folders for contests they held. it was an absolute mess and i couldn't believe it.
i stopped and looked at the monitor. what have i done? just to learn some web programming i just leaked the server of the 3rd most famous high school in my country. image a black hat which would have seriously caused more damage. currently i am writing an email to the school to updrage their security because it is reaaaaly bad.
and the journy didn't end here. i 'hacked' the site 2 days ago and just now i thought about writing an email to the school. after i found i could access the WHOLE server i searched for the real attacker so if you want to knkw how this one went let me know in the comments.
sorry for the long post, but couldn't held it anymore13 -
Me currently in my 3rd year of university: hears about blockchain from my friends, reads 5 pages of ethereum white paper; sees a cool machine learning project, watches 2 weeks of Andrew Ng's course; plays a cool game, downloads Unity and makes a hello world game; hears about wifi vulnerability, purchases an ethical hacking course.
Number of things mastered: 05 -
CVE-2019-3568
Description: A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.
NSO group even sell a spyware application based on that vulnerability to governments.
Listen!!!!! I'm going to the toilet with my phone!!! Listen!!!3 -
The first time i've scripted something and found a vulnerability on a production web application was one of the best moment i've ever had, never been so excited!
(mmh, maybe i need to switch to security :D) -
I dont understand the Log4j vulnerability.
Isnt the ability to execute code a feature they added so that you can add dynamic data to the logs?
If it is a feature then isnt it written in the documentation?
Is the problem that a lot of companies forgot to sanitize the input before logging it?23 -
Hey fellow devRanters,
I'm sure some of you have read about the newest vulnerabilities in Intels Management Engine (ME). I feel like ME and similar "features" are unacceptable backdoors into our systems. Unfortunately Intel and AMD do not offer their customers the option to acquire CPUs that lack these backdoors and make disabling them rather impossible 😒
Thus my question: Do you guys know of any 64-bit "open-source" CPU on the market that is production-ready and suitable for high-traffic web applications? Please note that I don't consider FPGAs to be viable options, since I don't trust Xilinx and Altera either.15 -
Windows 10 is safe they said. Signature/https can be trusted they said.
When even NSA disclose "hacks" you know it's too big
https://wired.com/story/...4 -
I just remembered that 2 years ago I found an open-redirect vulnerability in one of Google's old pages.
I decided to not submit it to Google because it's too much effort (even though I knew they pay for these things) and told about it to a friend who deals with these things.
I was SO. DAMN. STUPID.1 -
This was initially a reply to a rant about politics ruining the industry. Most of it is subjective, but this is how I see the situation.
It's not gonna ruin the industry. It's gonna corrupt it completely and fatally, and it will continue developing as a toxic sticky goo of selfishness and a mandatory lack of security until it chokes itself.
Because if something can get corrupted, it will get corrupted. The only way for us as a species to make IT into a worthy industry is to screw it up countless times over the course of a hundred years until it's as stable and reliable as it can possibly be and there are as many paradigms and individually reasonable standards as there can possibly be.
Look around, see the ridiculus amount of stupid javascript frameworks, most of which is just shitcode upon vulnerabilities upon untested dependencies. Does this look to you like an uncorrupted industry?
The entire tech is rotting from the hundreds of thousands of lines of proprietary firmware and drivers through the overgrown startup scene to fucking Node.js, and how technologies created just a few decades ago are unacceptable from a security standpoint. Check your drivers and firmware if you can, I bet you can't even see the build dates of most firmware you run. You can't even know if it was built after any vulnerability regarding that specific microcontroller or whatever.
Would something like this work in chemical engineering? Hell no! This is how fucking garage meth labs work, not factories or research labs. You don't fucking sell people things without mandatory independent testing. That's how a proper industry works. Not today's IT.
Of course it's gonna go down in flames. Greed had corrupted the industry, and there's nothing to be done about it now but working as much as we can, because the faster we move the sooner we'll get stuck and the sooner we can start over on a more reasonable foundation.
Or rely on layers of abstraction and expect our code to be compilable on anything the future holds for us.2 -
I once had a manager who demanded I physically print all of the Kanban cards and tape them to the office whiteboard. I was told to move the cards across the board after they were moved in TFS. I still had to keep up with my other duties in the QA department too!
Despite that, I still stayed on board with the company (the pay was good, and the work was simple.) As a QA teeter, I uncovered a rather nasty security vulnerability that would have put all of our customers data at reach to anybody. I advised my manager, and was told - just ignore it and ship the code please. I refused.
I was threatened with being fired, verbally assaulted, and challenged at the most trivial ways in everything I did after that.
Jokes on him now. I work from home in my dream job, doing what I love, with a manager who actually gives a rats ass about my concerns.
Moral of the story here - you don't have to agree with your subordinates , but you do need to validate their concerns.4 -
Our ISP, that also offers us Television is smart, very smart... “One option is to provide an anonymous mailbox (eg. Gmail, Hotmail”
Wtf... Gmail != anonymous.
I was about to report a vulnerability I found in their system, with that I could access the whole digibox, recover recordings, copy the on demand things, and watch films.
2 -
Why does the point of sale machine open the cash drawer for a credit card sale ? Seems like a vulnerability to me.2
-
Y'all might wanna update your Win7, Win8 amd Win Server 2008.
RDP RCE with a CVSS pf 9.8.
https://blogs.technet.microsoft.com/...2 -
Challenge questions are so goddamn stupid.
Apparently I have an account with a certain online organization though I don't remember setting it up.
So naturally I had no idea of my username or password, so they asked me challenge questions.
It asked me the city of my birth, which is a place with a weird spelling. Because of that weird spelling, I never remember if I'm spelling it right (I was only there as a newborn infant) And I'm also supposed to remember if I capitalized it or not.
I hate challenge questions. And anyone doing any remotely simple research on me shouldn't have trouble learning what city I was born in so it seems to me it's a security vulnerability, nothing more.
And maybe I'm giving things away by saying it asks me that question, but it's a common security question any hacker would anticipate anyways.3 -
If you discovered a vulnerability affecting multiple of the big dogs, would file a cve and report it immediately or have some *fun* first?
-
Trustico CEO emailed private key which is used to sign TLS certificates, making more than 23k certificates compromised!
This makes me think, that we should not trust others for our security (like ca), failure of CA can put our website at risk. What is the better way to do it?
https://arstechnica.com/information...11 -
Microsoft C/C++ code keeps on giving:
https://msrc.microsoft.com/update-g...
Too sad, that Microsoft is too poor to afford good devs. As a lot of devs here are sure, that good devs surely can code safe and secure in C/C++, Microsoft probably just lacks the resources to get such devs to work for them.13 -
Today I found a vulnerability in an local agency website. It's one of the famous and biggest that if I would applied they wouldn't even look at my cv. Long story short, I managed to login to their admin dashboard and sent a screenshot of it as a twitter mention to them. All they did was to like the tweet while I had the chance to fuck up the website.5
-
I've always considered myself a stalwart proponent of strong, effective security. But I'll be damned if my company's security policy isn't choking it's developers out.
It's like whenever a developer requirement and potential security vulnerability meet, the company doubles down on the security side, ignores their dev's needs entirely, and then takes a privilege away just to punish us for having the audacity to try and do our God damn jobs.6 -
WordPress File Delete to Code Execution
The vulnerability was reported 7 months ago to the WordPress security team but still remains unpatched.
https://blog.ripstech.com/2018/...1 -
ok, but this is cool. it’s an image that renders differently on apple and non-apple devices. not sure if devRant will process it so it doesn’t work, but this is cool. also a huge vulnerability for apple, but cool.
9 -
Another day, another critical vulnerability due to an out of bounds write that could never have occurred in Rust
https://github.com/openssl/openssl/...30 -
my old game had this flow every time a client places an object:
Client A creates a new generic object, and attaches texture paths (yep, global paths are allowed), and... lua code as strings to it.
Client A sends the entire object list to the server
Server receives it, replaces it's own object list
Server copies the entire object list and sends it to all clients
Client A and Client B both receive the object list and replace their versions.
All clients see that the object contains some code as strings
They compile and store it, and then run every frame. UNSANDBOXED.
any client could make all other ones execute any code and i was proud of my idea! -
Gaining root in Macs by not using a password, a vulnerability in HomeKit devices allowing unauthorized remote access.
https://9to5mac.com/2017/12/...
Next you tell me FaceID isn't as secure as you want me to believe.
Oh, wait...1 -
So this is kinda hard to talk about but.. I finally got to a point in my career where I don't have a boss, work remote, make my own schedule etc.. problem is .. I am very low on productivity I feel like I'm working maybe 1/10th of my capacity and although Yea this may sound dream-like .. it gets old and I'm realizing that I used to excel at my last job for my boss.. I wanted to please him in every way for validation and acceptance..
Yea that's dysfunctional as fuck .. so basically how the hell do i use my own mind to drive my excellence? I'm so lost and don't really know how to find the motivation that people pleasing once brought me..
For some context as well, I have also done a lot of psychedelics over the past couple years and it has basically destroyed my ego .. "but that's a good thing" you say?
Well yes and no, I used to rely on my ego to drive me on my own in lieu of wanting acceptance and validation from my boss. So that was a bit unexpected, getting rid of my ego got rid of my dysfunctional drives to prove myself to others and seek acceptance..
Gahh I'm ranting :'D
TL;DR: how do you motivate yourself if you've traditionally found motivation through pleasing others???4 -
A while ago I was asking wtf is this new trend with using 0.0.0.0 as a target address for connect()'ing TO.
Turns out, I was asking the right questions. This nonsense will soon be blocked in browsers, as it's a dumb security issue.
ref.: https://oligo.security/blog/...3 -
WTF kind of bullshit software is sonar.
I can't deploy my application because sonar is telling me that there is a vulnerability. So I look at it. IT'S A FUCKING DEV DEPENDENCY. Are you fucking serious sonar? I can't deploy because a dev dependency has a vulnerability that allows DOS attacks. What the fuck do you think will happen?! I'm going to DOS my own fucking application whilst coding or what? Who the fuck would even care?!
I fucking hate our Pipeline, all the tools behind it operate like shit. the only thing positive about it, is that I am able to deploy applications myself without having to call someone and wait a week. Because putting a file in a directory is hard ._.3 -
So I promised a post after work last night, discussing the new factorization technique.
As before, I use a method called decon() that takes any number, like 697 for example, and first breaks it down into the respective digits and magnitudes.
697 becomes -> 600, 90, and 7.
It then factors *those* to give a decomposition matrix that looks something like the following when printed out:
offset: 3, exp: [[Decimal('2'), Decimal('3')], [Decimal('3'), Decimal('1')], [Decimal('5'), Decimal('2')]]
offset: 2, exp: [[Decimal('2'), Decimal('1')], [Decimal('3'), Decimal('2')], [Decimal('5'), Decimal('1')]]
offset: 1, exp: [[Decimal('7'), Decimal('1')]]
Each entry is a pair of numbers representing a prime base and an exponent.
Now the idea was that, in theory, at each magnitude of a product, we could actually search through the *range* of the product of these exponents.
So for offset three (600) here, we're looking at
2^3 * 3 ^ 1 * 5 ^ 2.
But actually we're searching
2^3 * 3 ^ 1 * 5 ^ 2.
2^3 * 3 ^ 1 * 5 ^ 1
2^3 * 3 ^ 1 * 5 ^ 0
2^3 * 3 ^ 0 * 5 ^ 2.
2^3 * 3 ^ 1 * 5 ^ 1
etc..
On the basis that whatever it generates may be the digits of another magnitude in one of our target product's factors.
And the first optimization or filter we can apply is to notice that assuming our factors pq=n,
and where p <= q, it will always be more efficient to search for the digits of p (because its under n^0.5 or the square root), than the larger factor q.
So by implication we can filter out any product of this exponent search that is greater than the square root of n.
Writing this code was a bit of a headache because I had to deal with potentially very large lists of bases and exponents, so I couldn't just use loops within loops.
Instead I resorted to writing a three state state machine that 'counted down' across these exponents, and it just works.
And now, in practice this doesn't immediately give us anything useful. And I had hoped this would at least give us *upperbounds* to start our search from, for any particular digit of a product's factors at a given magnitude. So the 12 digit (or pick a magnitude out of a hat) of an example product might give us an upperbound on the 2's exponent for that same digit in our lowest factor q of n.
It didn't work out that way. Sometimes there would be 'inversions', where the exponent of a factor on a magnitude of n, would be *lower* than the exponent of that factor on the same digit of q.
But when I started tearing into examples and generating test data I started to see certain patterns emerge, and immediately I found a way to not just pin down these inversions, but get *tight* bounds on the 2's exponents in the corresponding digit for our product's factor itself. It was like the complications I initially saw actually became a means to *tighten* the bounds.
For example, for one particular semiprime n=pq, this was some of the data:
n - offset: 6, exp: [[Decimal('2'), Decimal('5')], [Decimal('5'), Decimal('5')]]
q - offset: 6, exp: [[Decimal('2'), Decimal('6')], [Decimal('3'), Decimal('1')], [Decimal('5'), Decimal('5')]]
It's almost like the base 3 exponent in [n:7] gives away the presence of 3^1 in [q:6], even
though theres no subsequent presence of 3^n in [n:6] itself.
And I found this rule held each time I tested it.
Other rules, not so much, and other rules still would fail in the presence of yet other rules, almost like a giant switchboard.
I immediately realized the implications: rules had precedence, acted predictable when in isolated instances, and changed in specific instances in combination with other rules.
This was ripe for a decision tree generated through random search.
Another product n=pq, with mroe data
q(4)
offset: 4, exp: [[Decimal('2'), Decimal('4')], [Decimal('5'), Decimal('3')]]
n(4)
offset: 4, exp: [[Decimal('2'), Decimal('3')], [Decimal('3'), Decimal('2')], [Decimal('5'), Decimal('3')]]
Suggesting that a nontrivial base 3 exponent (**2 rather than **1) suggests the exponent on the 2 in the relevant
digit of [n], is one less than the same base 2 digital exponent at the same digit on [q]
And so it was clear from the get go that this approach held promise.
From there I discovered a bunch more rules and made some observations.
The bulk of the patterns, regardless of how large the product grows, should be present in the smaller bases (some bound of primes, say the first dozen), because the bulk of exponents for the factorization of any magnitude of a number, overwhelming lean heavily in the lower prime bases.
It was if the entire vulnerability was hiding in plain sight for four+ years, and we'd been approaching factorization all wrong from the beginning, by trying to factor a number, and all its digits at all its magnitudes, all at once, when like addition or multiplication, factorization could be done piecemeal if we knew the patterns to look for.7 -
Well for starters the website that gave you assignments on security of web applications shouldn't have an SQL injection vulnerability on the login page.
Next would be the method of teaching, they would skip what not to do and go straight to what you should do. This in turn causes people to use the exec command in php that actually takes a POST parameter.
And stop allowing teachers to be lazy fucks that don't explain shit and only give you assignments.
And finally when telling the teacher that a method he uses would cause another vulnerability the teacher should properly fix this issue not say it is for an "advanced course".
Yes I am pissed -
USB ports are such a vulnerability.
Using a device as cheap as a Teensy you can easily execute whatever malicious software you'd like on a person's computer.4 -
If only NPM' security team (so pretty much NSP's) would inform the package owners as soon as they discover vulnerabilities and give them the standard 30-90 days to fix them and release a new version before going public, instead of straight out publishing the security audits which generates noise on the terminal (obviously when using npm) and on Github
-
!rant
iOS 11 have a vulnerability allowing attacker to bypass your lock screen and brick your phone via prepared “dev profile”. Do not download any utrusted stuff untill official fix ;)7 -
Just sat through a demo of some clicky-draggy data visualisation stuff.
The guy showed us how you can write a custom script that takes a user input and pokes it into a sql command using string concatenation, so a very obvious injection vulnerability.
Ok, so it's only a demo. But you wouldn't do a demo with an example user called Captain Cock, so why do a demo with a screamingly obvious security hole?
Whole thing was basically pivot tables in a short skirt anyway.5 -
NVD NIST cve CVSS v4 no rating, v3 rating critical vulnerability
description text low severity, no mitigation solution
what the fuck is this , is it critical or not and what the fuck should i do to solve it, what the fuck4 -
How to discover and exploit vulnerabiliy in program or IoT firmware?C++, asm, writing zero-days, i have always been amazed by that. Art.
-
Target #1 - Aim to further develop my university security project (A python based vulnerability scanner), and move this over to GitHub.
Target #2 - Aim for reaching ten contributions on open source projects and start building up my developer profile pre-graduation in September! -
When the pen testers find a "vulnerability" and say it would be very difficult for someone to exploit it. Yeah, in that case they might as well say if you solve p vs np you can break it but it would be very difficult.
-
The company I work in recently made a subdomain where you need to figure out how to hack the page using a vulnerability they subtly put there. If u are successful u get an interview. I looked it over for fun and was able to do it. But since i already work there i was thinking of telling a friend id love to join us but was rejected a month ago when they interviewed him about how i did it so he can apply maybe they give him another chance. do you think I should do that?
Note that i referred him last month and hes a fresh grad with not much experience3 -
Hi!
I want to know if there is possibility to find a vulnerability on a .jar file.
I tried to install Kali on VM (for now) and tried to use metasploit but I found that it attacks the inter system on a indicated ip address.
There are many application or video (and so on) for my problem?
This .jar file is an application and I want to do pentesting...
Sorry for my poor english but it isn't my native language.
I'm new in pentesting wolrd 🤣7 -
PHP is so insecure and vulnerable that it makes me feel unsafe. It has so many features and settings that can lead to security risks, such as register_globals, magic_quotes, and allow_url_fopen. It also has so many functions that can execute arbitrary code or commands, such as eval, exec, and system.
It is like PHP was designed by a bunch of hackers who wanted to exploit every possible loophole.8 -
Hey ... Is it possible to figure out the clients path (f.e. C:\Users\...) to a file he uploaded to a website on the server side?
My boss thinks it could be done and wants me to programm it. But I think we'd need a zero day vulnerability in a specific (and probably very old) browser to do something like that... That would be a huge security issue...
Wouldn't it?
What do you think?13 -
Finally I finished the exams, now I have to write my thesis. An agency who wants remain anonymous at the moment told my supervisor to choose a student who will works out on the ransomware argument. The relator was a little bit scared about consequences but I'm pressing to write a controlled ransomware in a closed network brtween virtual machines. What qualities a good ransomware should has?
Mutable structure to avoid antivirus detection? Good exploits and vulnerability scanners to make itself viral? The payload should stay in the code or should be downloaded from a server? I need some reference on analysis of vx codes, any help? -
Which one comes first? vulnerability or threat? 🤔🤔 I would go with vulnerability how about you guys?5
-
Somebody forgot to correctly match the external url on login success and failure, now google may use my cookies for the better good.
https://symfony.com/blog/...
-
Is there a server-oriented Linux system that is more secure than Ubuntu Pro? With its 24-hour unattended vulnerability patches, I doubt anything free beats it. Btw it’s free for personal use6
-
"We'll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past. #efail 1/4"
https://twitter.com/seecurity/...
Let's see how this unfolds. While there is chaos I trink some tea and laugh, because I never send critical information over e-mail. 🧐🍵4 -
Great feeling when the pen testers couldn't find the "unfixable" vulnerability your new feature created, and you go on holiday soon.
-
Me: Why do we do this this time consuming, low value thing?
My tech lead: Because if we don't, a box becomes red on some executive report.
Me: Why is this deadline so important? It's not customer facing or any kind of critical bug/vulnerability?
My tech lead: Because it was a company wide mandate, and we'll show up on some executive report if we're late.
Me: *angry dev noises*
They must dole out lashings to the tech leads and the directors any time we fail to meet some completely arbitrary demand. The act like the world is going to end any time we get too close to a deadline 🤦♂️
Makes no sense that they then turn around and worship the ground senior leadership walks on. I wonder if it's some weird form of stockholm syndrome.3 -
I recently recommended that we fix a gap in the current CSRF implementation.
I’m asked by a fucking business guy that if we haven’t seen an issue till now, why is this a priority?
Should I demo the vulnerability? Why can’t they fucking trust the people that they hire? It’s not like I wanna do it for some selfish motive. -
Just discovered someone I told about a hack for the computers in school (nothing difficult just booting from a USB) had a link to C2K the company that provides the system and told them about it and now they've patched it up, so in a way, it's my first security vulnerability report, in another way, I can no longer play games and program in free
-
Tried out the node.js code demo in this book.
🤦♂️
Terrible format, use tab for indentation, very very long function, redundant code (eg: new Buffer vulnerability)...
The major issue is none of the total.js nosql code works. Eg:
db.clear()
db.insert({...data})
Without any asynchronous call, how do you expect this to work?!
Just fixed the code and updated npm modules for demos in Chapter 3 btw... Took way longer than expected.
3 -
I signed up to a website, and my password contained & symbol, got an error that password cannot contain that symbol, I thought we are way beyond vulnerability of SQL injection?
Or that symbol can be used for some other attacks?5 -
Two security researchers have published details about a vulnerability in the Windows Printing Service which impacts all Windows versions.
According to a Report of ZDNet : The vulnerability codenamed 'PrintDemon' which is located in Windows Print Spooler (Windows component responsible for managing print operations). The service sends data to be printed to a USB port for physically connected printers. In a report published, security researchers Alex Ionescu & Yarden Shafir said they found a bug in this old component that can be abused to hijack the Printer Spooler internal mechanism. The bug can not be used to break into a Windows client remotely over the internet, so it's not something that could be exploited to hack Windows systems over the internet.4 -
👨💻 White hat
🤖❓️🤡❗️ Slack
😡😨😨😨
😨😨😨🙄 B2B clients
🤖🤡🤖🤡
🤡🤖🤡🤖
🤖🤡🤖🤡
🤡🤖🤡🤖 HackerOne
🤖 🤖 🤖
🤡🤡🤡🤡
🤡🤡 🤖 🤖
🤡🤡🤡 🤡
🤖 🤖
🤖 🤖
🤖🤖 🤖🤖 Zendesk1 -
I just read about the Thunderbolt port vulnerability but it seems that port is interchangeable with USB C, just faster? But basically any USBC ports are vulnerable then? Or just the rounded ones like on phones?
Normal USB 3 rectangular ports on PCs are fine?5 -
Devs and security researchers out there!!
I had a doubt regarding subdomain takeover vulnerability.
How to find where a site is hosted on heroku or AWS or heroku or more?
I was trying to write a script for it.
Any expertise will be welcomed.2 -
this afternoon, we got email from our pentester. He said that he got some security vulnerability in our project. He found .git/ folder in project directory in production server. He considered it as security vulnerability because user can see all git branch on remote repo. He recommend us to remove that folder but the problem is, we using CI/CD so we need that .git/ folder. My question is it bad practice to use git on production server?10
-
Sometimes I'll block a code submission with the words security vulnerability", then go have a 10 minute break to see if the others can spot it on their own.
Top Tags
Weekly Rant
View