Holy moly, this is a fantastic 37C3 talk about security researchers getting attacked and they reverse-engineer and fully disclose the entire – very advanced – attack. Operation Triangulation: What You Get When Attack iPhones of Researchers Very impressive!
Securing our home labs: Frigate code review
This blog post describes two linked vulnerabilities found in Frigate, an AI-powered security camera manager, that could have enabled an attacker to silently gain remote code execution.
The post Securing our home labs: Frigate code review appeared first on The GitHub Blog. ⌘ Read more
So.. Of y’all that had covid. Did you have at the end a night where for no reason your brain amped up to 11 and can’t sleep at all? It happened to me last night and my FIL the night before.
I went to bed at 8 and woke up full on anxiety attack at 12 and could not calm my head until around 7 am. Today has sucked a lot.
So.. Of y’all that had covid. Did you have at the end a night where for no reason your brain amped up to 11 and can’t sleep at all? It happened to me last night and my FIL the night before.
I went to bed at 8 and woke up full on anxiety attack at 12 and could not calm my head until around 7 am. Today has sucked a lot.
What’s The Difference Between Heart Attacks and Cardiac Arrest? #neildegrassetyson href=”https://txt.sour.is/search?q=%23startalk”>#startalk** ⌘ Read more
Under the counter deals, ‘chop-chop’ and arson attacks: Inside Victoria’s illegal tobacco market
Police are stepping up their efforts to tackle the illegal tobacco market, after a string of arson attacks against shops in Victoria. ⌘ Read more
JMP: CertWatch
As you may have already seen, on October 21st, it was reported that a long-running, successful MITM (Machine-In-The-Middle) attack against jabber.ru had been detected. The nature of this attack was not specific to the XMPP protocol in any way, but it was of special interest to us as members of the XMPP community. This kind of attack relies on being able to present a TLS certificate which anyone trying to connect will accept as valid. In this case, it was done b … ⌘ Read more
Snikket: On the jabber.ru MITM attack
This post is about a recent security incident on a public XMPP service, which
provides jabber.ru and xmpp.ru. We have received a few questions from Snikket
users about whether they should be concerned about the security of their own
servers (Snikket also uses XMPP).
The good news is that Snikket was not affected by this incident - this was a
targeted attack against the jabber.ru/xmpp.ru service specifically. Later in
the post we’ll share more information about what we’ve done, and … ⌘ Read more
Its nuts. Im a bit lost for words to be honest. Such a shock-attack, and taking civilians as hostages, shooting them, killing them, torture, kidnap kids and so on. Oooffff. Wonder what the response and aftermath will be..
Ignite Realtime Blog: CVE-2023-32315: Openfire vulnerability (update)
A few months ago, we published details about an important security vulnerability in Openfire that is identified as CVE-2023-32315.
To summarize: Openfire’s administrative console (the Admin Console), a web-based application, was found to be vulnerable to a path traversal attack via the setup environ … ⌘ Read more
mTLS: When certificate authentication is done wrong
In this post, we’ll deep dive into some interesting attacks on mTLS authentication. We’ll have a look at implementation vulnerabilities and how developers can make their mTLS systems vulnerable to user impersonation, privilege escalation, and information leakages.
The post mTLS: When certificate authentication is done wrong appeared first on [The Gi … ⌘ Read more
Hardening repositories against credential theft
Some best practices and important defenses to prevent common attacks against GitHub Actions that are enabled by stolen personal access tokens, compromised accounts, or compromised GitHub sessions.
The post Hardening repositories against credential theft appeared first on The GitHub Blog. ⌘ Read more
Russia attacks 200m from Nato border, you think Nato would react if the attack went 1 meter over the border?.. Or would they just come with excuses on why not to intervene?
Power LED Attack - Computerphile ⌘ Read more
There was a MrBallen video with the same type of story. Some younger woman died of a heart attack while sitting up in her own coffin.
Orcas attacking boats wasn’t on my 2023 bingo card but amused all the same
LogJam Attack - Computerphile ⌘ Read more
SUSE CEO out effective immediately, replacement CEO not available until later.
A failed IPO, political attacks, and purchased “awards” are the legacy of the departing CEO of the oldest Linux company. ⌘ Read more
お知らせ:J-CLICS攻撃経路対策編 ⌘ Read more
GitHub Security Lab audited DataHub: Here’s what they found
The GitHub Security Lab audited DataHub, an open source metadata platform, and discovered several vulnerabilities in the platform’s authentication and authorization modules. These vulnerabilities could have enabled an attacker to bypass authentication and gain access to sensitive data stored on the platform. ⌘ Read more
PEP 708: Extending the Repository API to Mitigate Dependency Confusion Attacks
Dependency confusion attacks, in which a malicious package is installed instead of the one the user expected, are an increasingly common supply chain threat. Most such attacks against Python dependencies, including the recent PyTorch incident, occur with multiple package repositories, where a dependency expected to come from one repository (e.g. a custom index) is installed from another (e.g. PyPI). ⌘ Read more
What can we do, if the Server suffers from a DDOS attack. Is Port 71 working in this case or is the server down then?
I know someday I will die of a heart attack in 4th quarter of a Vikings game.
The importance of improving supply chain security in open source
We think a lot about a high-profile supply chain attack that might cause developers, teams, and organizations to lose trust in open source. That’s why we’re investing in new ways to protect the open source ecosystem. ⌘ Read more
❤️ 🎶: Divine Attack - Shingeki - by BABYMETAL
Resolve Vulnerabilities Sooner With Contextual Data
OpenSSL 3.0.7 and “Text4Shell” might be the most recent critical vulnerabilities to plague your development team, but they won’t be the last. In 2021, critical vulnerabilities reached a record high. Attackers are even reusing their work, with over 50% of zero-day attacks this year being variants of previously-patched vulnerabilities. With each new security vulnerability, we’re […] ⌘ Read more
How Lunduke handles conflict, personal attacks, & political differences in the Tech industry
Listen now (51 min) | The Lunduke Journal Podcast - September 7, 2022 ⌘ Read more
New request for comments on improving npm security with Sigstore is now open
Supply chain attacks exploit our implicit trust of open source to hurt developers and our customers. Read our proposal for how npm will significantly reduce supply chain attacks by signing packages with Sigstore. ⌘ Read more
Corrupting memory without memory corruption
In this post I’ll exploit CVE-2022-20186, a vulnerability in the Arm Mali GPU kernel driver and use it to gain arbitrary kernel memory access from an untrusted app on a Pixel 6. This then allows me to gain root and disable SELinux. This vulnerability highlights the strong primitives that an attacker may gain by exploiting errors in the memory management code of GPU drivers. ⌘ Read more
content="width=device-width" to your viewport meta tag will help massively with scaling on different device widths.
Thanks for the feedback! This site was designed to look perfect on good old 800x600 monitors (I even left a comment next to the meta tag). Maybe I’ll add a mobile-friendly version someday :-) P.S. Nice try with SQL injection, haha. Do you have any plans for XSS attacks? :D
**Apparently, there are still those who they’re able to fool others with the argument “we cannot fight the climate crisis now, because we have to take care of the economy.”
This “economy first” approach is naive: the climate crisis attacks the economy too:
https://www.weforum.org/agenda/2021/06/impact-climate-change-global-gdp/**
Apparently, there are still those who they’re able to fool others with the argument “we cannot fight the climate crisis now, because we have to take care of the economy.”
This “econ … ⌘ Read more
Lone surviving attacker in Paris massacre guilty of murder, jailed for life
Islamic State extremist Salah Abdeslam was given the most severe sentence possible for his role in the deadly 2015 bombings and shootings that killed 130 people. ⌘ Read more
Russia’s Putin visits ‘friendly’ Central Asia on first trip abroad during war
Russia has been at pains to show it’s not under international isolation despite unprecedented US and European sanctions imposed over its attack on Ukraine. ⌘ Read more
Hindu man beheaded in India over support for Prophet Mohammed remarks
The victim was a tailor who shared a social media post supporting former BJP spokeswoman Nupur Sharma, according to local media. A video of the attack was widely shared online. Two men have been arrested. ⌘ Read more
US urged to plan minelaying campaign to halt mainland Chinese attack on Taiwan
A US navy commander suggests that laying mines in the Yellow Sea and Pearl River Delta could help bring Beijing to the negotiating table. ⌘ Read more
Russian missiles hit crowded shopping centre in Ukraine, Zelensky says
More than 1,000 people were in the shopping centre at the time of the attack, according to President Volodymyr Zelensky. ;It is impossible to even imagine the number of victims’, he said. ⌘ Read more
Violence against women in China: outrage over video of furious attack by teen boy on secondary schoolgirl classmate after a board game dispute
A wave of public outrage has spread across social media in mainland China after the emergence of a graphic video of a boy violently attacking a female secondary school classmate. ⌘ Read more
Call reveals Russia’s Putin told Macron he ‘wanted to play ice hockey’ on eve of Ukraine invasion
The final call between the French and Russian leaders just four days before Putin ordered the attack on Ukraine is filled with tension and bizarre moments. ⌘ Read more
China ‘no-limits’ vow with Russia raises Pentagon urgency to prepare for Guam attack: US commander
‘Extremely dangerous’ if Beijing and Moscow were to make good on recent doubling down of partnership, says US Indo-Pacific Commander John Aquilino. ⌘ Read more
Hong Kong chauffeur acquitted on charge of inciting members of drivers’ WhatsApp group to attack police with machetes
District Court accepts Fong Man-ho’s defence that he was merely venting his frustration at police’s handling of 2019 protests and posted remarks on impulse. ⌘ Read more
Chinese security official calls for crackdown on gangs following Tangshan attack
The political and legal affairs chief urges authorities to ‘fight against evil’ in the wake of a brutal assault on women in northern China. ⌘ Read more
US Capitol riot hearings to take break as new evidence floods in
Lawmakers investing the January 6 attack have received a glut of new video footage of Trump and his family from a documentary filmmaker. ⌘ Read more
Ukraine says it hit Black Sea oil platform used by Russia’s troops
The attack was the first such strike against offshore energy infrastructure in Crimea since the start of Moscow’s invasion in February. ⌘ Read more
Police officer fired and 5 placed under investigation over attack in women in Chinese city of Tangshan
A deputy district commander was dismissed from his post with the others being investigated by the local disciplinary watchdog ⌘ Read more
Hong Kong protests: 2 teenagers sentenced to correctional training, hard labour for vandalising bakery during 2019 protests
Student, 18, and boy, 15, plead guilty to count of criminal damage for attack on Arome Bakery in Tseung Kwan O Plaza. ⌘ Read more
Beijing is likely to step up its campaign to ‘reunify’ with Taiwan, analysts say
Chance of an armed conflict is higher than five years ago as PLA ‘will soon be equipped with the tools needed’ to attack the island, analyst says. ⌘ Read more
Woman arrested for making anti-Asian remarks, pepper spraying 4 people in New York
Madeline Barker was charged with hate crimes over the June 11 attack in which she pepper-sprayed four Asian women. ⌘ Read more
Tangshan restaurant attack suspect was wanted by Chinese authorities over previous crimes
One of the man accused of attacking women in a restaurant was named as a fugitive in court records over a previous assault. ⌘ Read more
Chinese destroyer on long-distance exercises in Sea of Japan, to deter ‘attack on Taiwan’
Japan’s Defence Ministry said 3 ships were spotted on Sunday travelling toward Sea of Japan. Global Times reported the mission was part of China’s military build-up aimed at deterring a foreign intervention in the event of an attack on Taiwan. ⌘ Read more
‘No basis’ for attack fears in China’s new rules for PLA activities
Regulation covers PLA missions from disaster relief to humanitarian aid and peacekeeping, as well as its response to political crises at home and overseas. ⌘ Read more
Indian forces in Kashmir kill militants suspected of targeted shooting, part of increased counter-insurgency effort
It’s believed they were Kashmir Freedom Fighters who claim responsibility for shooting a bank manager this month. At least 16 people – both Hindu and Muslims – have been killed in targeted attacks in Kashmir this year. ⌘ Read more
Q: Are passphrases really more secure than cryptographically random passwords? 🤔
I have to wonder… It should be possible to do “passphrase” attacks just like “dictionary” attacks? How is a “phrase” any different to the character set you can type? Sure there are more possible “words” (at least) in the English language, but I’m not convinced.
d65536
⌘ Read more
npm security update: Attack campaign using stolen OAuth tokens
npm’s impact analysis of the attack campaign using stolen OAuth tokens and additional findings. ⌘ Read more
Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators
On April 12, GitHub Security began an investigation that uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm. Read on to learn more about the impact to GitHub, npm, and our users. ⌘ Read more
How to secure your end-to-end supply chain on GitHub
Securing your projects is no easy task, but end-to-end supply chain security is more top of mind than ever. We’ve seen bad actors expand their focus to taking over user accounts, commonly used dependencies, and also build systems. Defending against these attacks is hard, because there’s no one thing you can do to protect your […] ⌘ Read more
Spacecraft Debris Odds Ratio
⌘ Read more
not the best move on the side of the red cross to call me and tell me it’s because of my blood donation — i nearly had a panic attack for the 10 seconds that they didn’t tell me it was all fine (why would you call me then‽ and why speak as if you’re going to tell me i’ll be dead in a month‽)
Vulnerability Alert: Avoiding “Dirty Pipe” CVE-2022-0847 on Docker Engine and Docker Desktop
You might have heard about a new Linux vulnerability that was released last week, CVE-2022-0847, aka “Dirty Pipe”. This vulnerability overwrites supposedly read-only files in the Linux kernel host, which could enable attackers to modify files inside the host images from the container instance. If you use Docker Engine natively, we recommend you should update … ⌘ Read more
Conservative leadership race turns nasty between Poilievre and Brown
Encoding and escaping untrusted data to prevent injection attacks
Practical tips on how to apply OWASP Top 10 Proactive Control C4. ⌘ Read more
My public VPS is now only accessible via SSH from my tailnet. One more possible attack vector less. ⌘ Read more
friendlyjordies Attacks Labor ⌘ Read more
Securing the Software Supply Chain with Docker Business
Organizations are increasingly facing new challenges in trying to protect their software supply chain. This has become especially difficult as the workforce has transitioned to a more distributed model with organizations scaling and onboarding more developers on distributed teams. With the number of software supply-chain attacks increasing by 650% in 2021, coordinating all of these […]
The post [Securing the Software Su … ⌘ Read more
Just reading in-depth and trying to understand the security model of Delta.Chat a bit more… There’s a few things that really concern me about how Delta.Chat which relies on Autocrypt work:
- There is no Perfect Forward Secrecy
- No verification of keys
- Is therefore susceptible to Man-in-the-Middle attacks
- Is therefore susceptible to Man-in-the-Middle attacks
- Metadata is a BIG problem with Delta.Chat:
- The
ToandFromandDateare trackable by your Mail provider (amongst many other headers)
- The
Hmmm 🤔 cc @deebs@twtxt.net
Notary v2 Project Update
Supply chain security is something that has been increasingly important to all of us in the last few years. Almost as important as the global supply chains that are having problems distributing goods around the world! There have been many attacks via the supply chain. This is where some piece of software that you use […]
The post Notary v2 Project Update appeared first on Docker Blog. ⌘ Read more
Docker is Updating and Extending Our Product Subscriptions
Docker is used by millions of developers to build, share, and run any app, anywhere, and 55% of professional developers use Docker every day at work. In these work environments, the increase in outside attacks on software supply chains is accelerating developer demand for Docker’s trusted content, including Docker Official Images and Docker Verified Publisher […]
The post [Docker is Updating and Extending Our Product Subscriptions](https:/ … ⌘ Read more
just to make clear: people who actually identify as attack helicopters are unironically valid
Building a healthy and secure software supply chain
Securing the software supply chain is now an everyday concern for developers. As attackers increasingly target open-source components as a way to compromise the software supply chain, developers hold the keys to making their projects as secure as they can be. That’s why Docker continues to invest heavily in our developer tools like Docker Desktop […]
The post [Building a healthy and secure software supply chain](https://www.d … ⌘ Read more
Avoiding npm substitution attacks ⌘ Read more…
I just love seeing IPs being banned after trying to attack my server. It feels really good. Take that bad Russian hackers !
#now-playing ‘Flying Saucer Attack’ by Flying Saucer Attack https://flyingsaucerattack.bandcamp.com/album/flying-saucer-attack-aka-rural-pyschedelia
Metcalf sniper attack - Wikipedia https://en.wikipedia.org/wiki/Metcalf_sniper_attack
Attack of the Flying Space Dwarves! | Mysterious Universe https://mysteriousuniverse.org/2019/02/attack-of-the-flying-space-dwarves/
Bad idea of the day: One of those franchise-themed fighting games, except it’s a rap battle. You get dealt a hand of possible lines, with points for internal rhyme and novelty, & multipliers for referencing previous lines & opponent backstory. External rhymes are combo attacks
“Learn to Code”: The Twitter Meme Attacking Media - The Ringer https://www.theringer.com/tech/2019/1/29/18201695/learn-to-code-twitter-abuse-buzzfeed-journalists
The Messy Truth About Infiltrating Computer Supply Chains https://theintercept.com/2019/01/24/computer-supply-chain-attacks/
Bad idea of the day: live your life as though it is a bayesian poisoning attack on the basilisk
Band name of the day: unmasked attacks
If ‘Evil Maid Attack’ doesn’t literally become the name of an anime soon what is the industry even doing? It’s right there.
forget ethical considerations, the real reason you should leave primitive civilizations alone is that they provide critical input to the drake equation and allow you to estimate the likelyhood of an attack by a more advanced civilization
Band name of the day: vicious attack dolls
You have the right to a wheel. If you do not have a wheel, one will be provided for you. Please use METAL – not ORGANIC – limbs. We disclaim all liability if you use your own limbs during a sonic attack!
Conspiracy theory: the Sonic The Hedgehog franchise is elaborate fanfiction for the Hawkwind track Sonic Attack, from the perspective of the antagonist. The VO in that track is Dr Robotnik.
Hawkwind - Sonic Attack - YouTube https://www.youtube.com/watch?v=LwRvWpsiM2w
VR games specifically designing for sticking your head into the environment: Messages on the insides of banana peels, easter egg worlds hidden in snowglobes, black holes near which you can see what happened five minutes ago, fight games where headbutts are a legit attack
Band name of the day: the red-mad attacks
[1801.01944] Audio Adversarial Examples: Targeted Attacks on Speech-to-Text https://arxiv.org/abs/1801.01944
Is the Mill Architecture (https://en.wikipedia.org/wiki/Mill_architecture) immune to the new out-of-order-execution attacks, theoretically?
Dangerous sound? What Americans heard in Cuba attacks https://apnews.com/88bb914f8b284088bce48e54f6736d84?utm_source=nextdraft
It is critical to an alkahest’s functioning to constantly dissolve itself into new forms, to find one that can attack or escape the problem.
A core principle of attack magic is: Disorder is easy. Destructive spells are easier than their constructive versions.↵Just consider nukes.
Attack it! Tunnel into it, fashion iridescent sculptures from its ice, gift the frozen dreams of others to unsuspecting strangers.