Searching txt.sour.is

Twts matching #attack
Sort by: Newest, Oldest, Most Relevant

So.. Of y’all that had covid. Did you have at the end a night where for no reason your brain amped up to 11 and can’t sleep at all? It happened to me last night and my FIL the night before.

I went to bed at 8 and woke up full on anxiety attack at 12 and could not calm my head until around 7 am. Today has sucked a lot.

⤋ Read More

So.. Of y’all that had covid. Did you have at the end a night where for no reason your brain amped up to 11 and can’t sleep at all? It happened to me last night and my FIL the night before.

I went to bed at 8 and woke up full on anxiety attack at 12 and could not calm my head until around 7 am. Today has sucked a lot.

⤋ Read More

JMP: CertWatch
As you may have already seen, on October 21st, it was reported that a long-running, successful MITM (Machine-In-The-Middle) attack against jabber.ru had been detected. The nature of this attack was not specific to the XMPP protocol in any way, but it was of special interest to us as members of the XMPP community. This kind of attack relies on being able to present a TLS certificate which anyone trying to connect will accept as valid. In this case, it was done b … ⌘ Read more

⤋ Read More

Snikket: On the jabber.ru MITM attack
This post is about a recent security incident on a public XMPP service, which
provides jabber.ru and xmpp.ru. We have received a few questions from Snikket
users about whether they should be concerned about the security of their own
servers (Snikket also uses XMPP).

The good news is that Snikket was not affected by this incident - this was a
targeted attack against the jabber.ru/xmpp.ru service specifically. Later in
the post we’ll share more information about what we’ve done, and … ⌘ Read more

⤋ Read More
In-reply-to » Another day, another terror war breaks out. Sickening videos and images getting out of there. So glad I do not live in a shithole wartorn place to be honest, but feel bad for those who live that way. Innocent people getting murdered every day for nothing.

Its nuts. Im a bit lost for words to be honest. Such a shock-attack, and taking civilians as hostages, shooting them, killing them, torture, kidnap kids and so on. Oooffff. Wonder what the response and aftermath will be..

⤋ Read More

Ignite Realtime Blog: CVE-2023-32315: Openfire vulnerability (update)
A few months ago, we published details about an important security vulnerability in Openfire that is identified as CVE-2023-32315.

To summarize: Openfire’s administrative console (the Admin Console), a web-based application, was found to be vulnerable to a path traversal attack via the setup environ … ⌘ Read more

⤋ Read More

mTLS: When certificate authentication is done wrong
In this post, we’ll deep dive into some interesting attacks on mTLS authentication. We’ll have a look at implementation vulnerabilities and how developers can make their mTLS systems vulnerable to user impersonation, privilege escalation, and information leakages.

The post mTLS: When certificate authentication is done wrong appeared first on [The Gi … ⌘ Read more

⤋ Read More

GitHub Security Lab audited DataHub: Here’s what they found
The GitHub Security Lab audited DataHub, an open source metadata platform, and discovered several vulnerabilities in the platform’s authentication and authorization modules. These vulnerabilities could have enabled an attacker to bypass authentication and gain access to sensitive data stored on the platform. ⌘ Read more

⤋ Read More

PEP 708: Extending the Repository API to Mitigate Dependency Confusion Attacks
Dependency confusion attacks, in which a malicious package is installed instead of the one the user expected, are an increasingly common supply chain threat. Most such attacks against Python dependencies, including the recent PyTorch incident, occur with multiple package repositories, where a dependency expected to come from one repository (e.g. a custom index) is installed from another (e.g. PyPI). ⌘ Read more

⤋ Read More

The importance of improving supply chain security in open source
We think a lot about a high-profile supply chain attack that might cause developers, teams, and organizations to lose trust in open source. That’s why we’re investing in new ways to protect the open source ecosystem. ⌘ Read more

⤋ Read More

Resolve Vulnerabilities Sooner With Contextual Data
OpenSSL 3.0.7 and “Text4Shell” might be the most recent critical vulnerabilities to plague your development team, but they won’t be the last. In 2021, critical vulnerabilities reached a record high. Attackers are even reusing their work, with over 50% of zero-day attacks this year being variants of previously-patched vulnerabilities.  With each new security vulnerability, we’re […] ⌘ Read more

⤋ Read More

New request for comments on improving npm security with Sigstore is now open
Supply chain attacks exploit our implicit trust of open source to hurt developers and our customers. Read our proposal for how npm will significantly reduce supply chain attacks by signing packages with Sigstore. ⌘ Read more

⤋ Read More

Corrupting memory without memory corruption
In this post I’ll exploit CVE-2022-20186, a vulnerability in the Arm Mali GPU kernel driver and use it to gain arbitrary kernel memory access from an untrusted app on a Pixel 6. This then allows me to gain root and disable SELinux. This vulnerability highlights the strong primitives that an attacker may gain by exploiting errors in the memory management code of GPU drivers. ⌘ Read more

⤋ Read More
In-reply-to » @win0err I agree with @prologic about the text size. Adding content="width=device-width" to your viewport meta tag will help massively with scaling on different device widths.

Thanks for the feedback! This site was designed to look perfect on good old 800x600 monitors (I even left a comment next to the meta tag). Maybe I’ll add a mobile-friendly version someday :-) P.S. Nice try with SQL injection, haha. Do you have any plans for XSS attacks? :D

⤋ Read More

**Apparently, there are still those who they’re able to fool others with the argument “we cannot fight the climate crisis now, because we have to take care of the economy.”

This “economy first” approach is naive: the climate crisis attacks the economy too:

https://www.weforum.org/agenda/2021/06/impact-climate-change-global-gdp/**
Apparently, there are still those who they’re able to fool others with the argument “we cannot fight the climate crisis now, because we have to take care of the economy.”

This “econ … ⌘ Read more

⤋ Read More

Violence against women in China: outrage over video of furious attack by teen boy on secondary schoolgirl classmate after a board game dispute
A wave of public outrage has spread across social media in mainland China after the emergence of a graphic video of a boy violently attacking a female secondary school classmate. ⌘ Read more

⤋ Read More

Chinese destroyer on long-distance exercises in Sea of Japan, to deter ‘attack on Taiwan’
Japan’s Defence Ministry said 3 ships were spotted on Sunday travelling toward Sea of Japan. Global Times reported the mission was part of China’s military build-up aimed at deterring a foreign intervention in the event of an attack on Taiwan. ⌘ Read more

⤋ Read More

Indian forces in Kashmir kill militants suspected of targeted shooting, part of increased counter-insurgency effort
It’s believed they were Kashmir Freedom Fighters who claim responsibility for shooting a bank manager this month. At least 16 people – both Hindu and Muslims – have been killed in targeted attacks in Kashmir this year. ⌘ Read more

⤋ Read More

Q: Are passphrases really more secure than cryptographically random passwords? 🤔

I have to wonder… It should be possible to do “passphrase” attacks just like “dictionary” attacks? How is a “phrase” any different to the character set you can type? Sure there are more possible “words” (at least) in the English language, but I’m not convinced.

⤋ Read More

Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators
On April 12, GitHub Security began an investigation that uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm. Read on to learn more about the impact to GitHub, npm, and our users. ⌘ Read more

⤋ Read More

How to secure your end-to-end supply chain on GitHub
Securing your projects is no easy task, but end-to-end supply chain security is more top of mind than ever. We’ve seen bad actors expand their focus to taking over user accounts, commonly used dependencies, and also build systems. Defending against these attacks is hard, because there’s no one thing you can do to protect your […] ⌘ Read more

⤋ Read More

not the best move on the side of the red cross to call me and tell me it’s because of my blood donation — i nearly had a panic attack for the 10 seconds that they didn’t tell me it was all fine (why would you call me then‽ and why speak as if you’re going to tell me i’ll be dead in a month‽)

⤋ Read More

Vulnerability Alert: Avoiding “Dirty Pipe” CVE-2022-0847 on Docker Engine and Docker Desktop
You might have heard about a new Linux vulnerability that was released last week, CVE-2022-0847, aka “Dirty Pipe”. This vulnerability overwrites supposedly read-only files in the Linux kernel host, which could enable attackers to modify files inside the host images from the container instance. If you use Docker Engine natively, we recommend you should update … ⌘ Read more

⤋ Read More

Conservative leadership race turns nasty between Poilievre and Brown

Image

As the leadership race for the Conservative Party of Canada (CPC) deepens, candidates Pierre Poilievre and Patrick Brown have started butting heads hard. The furor seems to have started when political adviser Jenni Byrne, who is currently working on Poilievre’s campaign, released an attack ad against Brown on Sunday. The two-minute ad … ⌘ Read more

⤋ Read More

Securing the Software Supply Chain with Docker Business
Organizations are increasingly facing new challenges in trying to protect their software supply chain. This has become especially difficult as the workforce has transitioned to a more distributed model with organizations scaling and onboarding more developers on distributed teams. With the number of software supply-chain attacks increasing by 650% in 2021, coordinating all of these […]

The post [Securing the Software Su … ⌘ Read more

⤋ Read More

Autocrypt - Wikipedia

Just reading in-depth and trying to understand the security model of Delta.Chat a bit more… There’s a few things that really concern me about how Delta.Chat which relies on Autocrypt work:

  • There is no Perfect Forward Secrecy
  • No verification of keys
    • Is therefore susceptible to Man-in-the-Middle attacks
  • Metadata is a BIG problem with Delta.Chat:
    • The To and From and Date are trackable by your Mail provider (amongst many other headers)

Hmmm 🤔 cc @deebs@twtxt.net

⤋ Read More

Notary v2 Project Update
Supply chain security is something that has been increasingly important to all of us in the last few years. Almost as important as the global supply chains that are having problems distributing goods around the world! There have been many attacks via the supply chain. This is where some piece of software that you use […]

The post Notary v2 Project Update appeared first on Docker Blog. ⌘ Read more

⤋ Read More

Docker is Updating and Extending Our Product Subscriptions
Docker is used by millions of developers to build, share, and run any app, anywhere, and 55% of professional developers use Docker every day at work. In these work environments, the increase in outside attacks on software supply chains is accelerating developer demand for Docker’s trusted content, including Docker Official Images and Docker Verified Publisher […]

The post [Docker is Updating and Extending Our Product Subscriptions](https:/ … ⌘ Read more

⤋ Read More

Building a healthy and secure software supply chain
Securing the software supply chain is now an everyday concern for developers. As attackers increasingly target open-source components as a way to compromise the software supply chain, developers hold the keys to making their projects as secure as they can be. That’s why Docker continues to invest heavily in our developer tools like Docker Desktop […]

The post [Building a healthy and secure software supply chain](https://www.d … ⌘ Read more

⤋ Read More

Bad idea of the day: One of those franchise-themed fighting games, except it’s a rap battle. You get dealt a hand of possible lines, with points for internal rhyme and novelty, & multipliers for referencing previous lines & opponent backstory. External rhymes are combo attacks

⤋ Read More

VR games specifically designing for sticking your head into the environment: Messages on the insides of banana peels, easter egg worlds hidden in snowglobes, black holes near which you can see what happened five minutes ago, fight games where headbutts are a legit attack

⤋ Read More