GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    Patrick C Miller :donor: (patrickcmiller@infosec.exchange)'s status on Tuesday, 11-Feb-2025 19:42:02 JST Patrick C Miller :donor: Patrick C Miller :donor:

    Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks https://thehackernews.com/2025/02/microsoft-identifies-3000-publicly.html

    In conversation about 11 days ago from infosec.exchange permalink

    Attachments


    2. Domain not in remote thumbnail source whitelist: blogger.googleusercontent.com
      Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks
      from https://www.facebook.com/thehackernews
      Microsoft warns of 3,000+ publicly disclosed ASP.NET machine keys that enable ViewState code injection attacks, leading to remote code execution risks
    • Embed this notice
      Brad Rubenstein “:verified:” (bradrubenstein@infosec.exchange)'s status on Tuesday, 11-Feb-2025 20:00:33 JST Brad Rubenstein “:verified:” Brad Rubenstein “:verified:”
      in reply to

      Among all the other foot-guns here, the underlying design that allows these leaked keys to create these vulnerabilities seems (based just on the article) both unnecessary, and an unintended side effect of rolling one's own crypto on the cheap.

      @patrickcmiller

      In conversation about 11 days ago permalink

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.