Notices by buherator (buherator@infosec.place)
buherator (buherator@infosec.place)'s status on Wednesday, 02-Apr-2025 04:17:57 JST buherator
@GossiTheDog @cisakevtracker Thanks for the heads up! I'm quite skeptical though given the previous FUD reports, can't wait to see more info about any observed attacks!
buherator (buherator@infosec.place)'s status on Wednesday, 02-Apr-2025 03:02:11 JST buherator
@wdormann @cR0w Reminds me of: https://project-zero.issues.chromium.org/issues/42452353#comment2
buherator (buherator@infosec.place)'s status on Wednesday, 02-Apr-2025 03:02:09 JST buherator
@cR0w @wdormann Probably? Gmail definitely does that. Zero-click attack surface ftw!
buherator (buherator@infosec.place)'s status on Saturday, 29-Mar-2025 08:19:54 JST buherator
@inthehands "Safely rewriting that code would take years" is a massive understatement from Wired too.
buherator (buherator@infosec.place)'s status on Thursday, 20-Mar-2025 00:05:22 JST buherator
@catc0n If by single source you mean Wallarm, that one is factually incorrect at multiple points so IMO it's best to dismiss as FUD:
https://infosec.place/notice/As2Q4VaBioZNySoR6m
buherator (buherator@infosec.place)'s status on Friday, 14-Feb-2025 01:09:29 JST buherator
@ryanc X-Trust-Me-Bro: {"alg":"nOnE"...} vulns would be pretty funny actually :) let's hope we'll never get there though...
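The "alg":"nOnE" failure mode joked about in the reply above, as an added example that is not part of the original posts: a minimal JWT verifier that rejects the literal spelling "none" but then dispatches on a lower-cased algorithm name, next to a verifier that fixes the algorithm server-side. The key, payloads and helper names are constructed for this illustration.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj: dict) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def sign_hs256(payload: dict, key: bytes) -> str:
    """Issue a legitimately signed HS256 token (constructed issuer for the example)."""
    head, body = _segment({"alg": "HS256", "typ": "JWT"}), _segment(payload)
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url_encode(sig)}"


def forge_unsigned(payload: dict, alg: str = "nOnE") -> str:
    """Attacker side: any payload, an 'alg' spelling of choice, and an empty signature."""
    return f"{_segment({'alg': alg, 'typ': 'JWT'})}.{_segment(payload)}."


def verify_naive(token: str, key: bytes) -> Optional[dict]:
    """Vulnerable verifier: blocks the literal 'none', then dispatches on a normalised alg."""
    head_b64, body_b64, sig_b64 = token.split(".")
    alg = json.loads(_b64url_decode(head_b64)).get("alg", "")
    if alg == "none":                      # the only spelling the author thought of
        return None
    if alg.lower() == "none":              # normalisation lets 'nOnE' reach the unsigned path
        return json.loads(_b64url_decode(body_b64))
    if alg.lower() == "hs256":
        expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
        if hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return json.loads(_b64url_decode(body_b64))
    return None


def verify_strict(token: str, key: bytes, expected_alg: str = "HS256") -> Optional[dict]:
    """Hardened verifier: the server picks the algorithm; the header must match it exactly.

    Only HS256 is implemented here; any other expected_alg is refused rather than guessed.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return None
    head_b64, body_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(head_b64))
    except (ValueError, UnicodeDecodeError):
        return None
    if expected_alg != "HS256" or header.get("alg") != expected_alg:
        return None
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        return None
    return json.loads(_b64url_decode(body_b64))
```

The point of the strict variant is that the token header never chooses the verification routine: the server knows which algorithm it issued with, and anything else (any spelling of "none", a different algorithm, a malformed header) is rejected before a signature is even looked at.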
buherator (buherator@infosec.place)'s status on Friday, 14-Feb-2025 00:31:53 JST buherator
@ryanc I was actually thinking whether some (not so) fancy crypto could be used to pass something instead of a bool that the attacker can't forge, then realized reverse proxy configs are not exactly designed to implement such transformations in the first place :)
Nonetheless, this is an illustrative example that unless we point to some robust solution ppl *will* come up with complex but insecure solutions (see also Schneier's Law).
buherator (buherator@infosec.place)'s status on Thursday, 13-Feb-2025 23:40:53 JST buherator
Re: CVE-2025-0108
Can we agree that "X-Trust-Me-Bro: $boolean" headers set by reverse proxies are an anti-pattern?
If so, what is the best practice?
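The anti-pattern asked about in this post, next to the keyed-token idea floated in the reply above it, as an added example that is not from the original posts: a simulated proxy and backend where the backend trusts a boolean header, and a variant where the proxy vouches with an HMAC bound to the request. The header names, the shared key and the request data are constructed for this illustration, and "X-Proxy-Auth" is a name chosen here, not a standard.

```python
import hashlib
import hmac
from typing import Dict, Optional

# Assumed for this example: a secret provisioned out of band to proxy and backend,
# and a tag header name of our own choosing. Neither comes from the posts above.
SHARED_KEY = b"proxy-backend-shared-secret-example"
BOOL_HEADER = "X-Trust-Me-Bro"
TAG_HEADER = "X-Proxy-Auth"


# --- The anti-pattern: a boolean the backend takes on faith ---

def proxy_bool(client_headers: Dict[str, str], authenticated: bool) -> Dict[str, str]:
    """Misconfigured proxy: forwards client headers as-is and only *adds* the flag."""
    out = dict(client_headers)
    if authenticated:
        out[BOOL_HEADER] = "true"
    return out


def backend_bool(headers: Dict[str, str]) -> str:
    """Backend that trusts the flag. Returns the principal it believes it is serving."""
    return "admin" if headers.get(BOOL_HEADER, "").lower() == "true" else "anonymous"


# --- A keyed alternative: the proxy vouches with a MAC the client cannot compute ---

def _tag(method: str, path: str, principal: str, ts: int) -> str:
    # Bind the assertion to the request so it cannot be replayed elsewhere.
    msg = "\n".join([method, path, principal, str(ts)]).encode()
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).hexdigest()


def proxy_keyed(client_headers: Dict[str, str], method: str, path: str,
                principal: Optional[str], now: int) -> Dict[str, str]:
    """Strips any client-supplied trust headers, then vouches only for a verified principal."""
    drop = {BOOL_HEADER.lower(), TAG_HEADER.lower()}
    out = {k: v for k, v in client_headers.items() if k.lower() not in drop}
    if principal is not None:
        out[TAG_HEADER] = f"{principal}:{now}:{_tag(method, path, principal, now)}"
    return out


def backend_keyed(headers: Dict[str, str], method: str, path: str,
                  now: int, max_age: int = 30) -> str:
    """Accepts a principal only with a fresh MAC bound to this exact request."""
    raw = headers.get(TAG_HEADER)
    if raw is None:
        return "anonymous"
    try:
        principal, ts_text, tag = raw.rsplit(":", 2)
        ts = int(ts_text)
    except ValueError:
        return "anonymous"
    if abs(now - ts) > max_age:
        return "anonymous"
    expected = _tag(method, path, principal, ts)
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return "anonymous"
    return principal
```

The keyed variant closes the "client supplies the header and the proxy forwards it" hole and ties the assertion to method, path, principal and time, but it does not remove the need for the key to stay on the proxy or for the backend to be unreachable except through it; that part is still a deployment property, not something the header format can provide.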
buherator (buherator@infosec.place)'s status on Thursday, 13-Feb-2025 04:44:32 JST buherator
@cR0w @silverwizard PR has to show their worth, I'm pretty sure this wasn't composed by the offensive team
buherator (buherator@infosec.place)'s status on Thursday, 13-Feb-2025 04:40:17 JST buherator
@silverwizard @cR0w To be fair, they could've pushed a silent patch...
buherator (buherator@infosec.place)'s status on Thursday, 13-Feb-2025 04:30:17 JST buherator
OK I think this (via @cR0w) deserves some more attention ( #CrowdStrike CVE-2025-1146):
https://www.crowdstrike.com/security-advisories/cve-2025-1146/
In short, CrowdStrike agents on Linux can be MitM'd when they connect to their mothership (CS cloud).
My first Q is: what exactly is delivered to Falcon sensors from the CS cloud?
I present my second Q as a meme for higher reach:
buherator (buherator@infosec.place)'s status on Saturday, 08-Feb-2025 03:13:43 JST buherator
@screaminggoat @zeljkazorz @GossiTheDog "However, due to inadequate server configurations, attacks become possible if *the serialized data is not verified* (CWE-642)" - this sounds more like disabled MAC than leaked key to me
buherator (buherator@infosec.place)'s status on Saturday, 08-Feb-2025 02:33:14 JST buherator
@GossiTheDog Thanks! Now I'm more confused: npm does .NET these days? Or we're talking NuGet?
buherator (buherator@infosec.place)'s status on Saturday, 08-Feb-2025 02:17:09 JST buherator
@GossiTheDog Forgive my ignorance, what is nom?
buherator (buherator@infosec.place)'s status on Friday, 07-Feb-2025 20:56:45 JST buherator
@GossiTheDog 1) 3000 is not a big number on the Internet (quality matters though) 2) This is an overestimation because not all keys are useful (as the captured text also implies)
I haven't touched ASP.NET for a while, but I'd risk saying that app configuration also affects exploitability as i) not all apps rely on signed ViewState (IIRC) ii) deserialization gadgets are not universal.
These are of course solvable problems, but still need to be taken into account for risk assessment.
buherator (buherator@infosec.place)'s status on Friday, 07-Feb-2025 17:35:04 JST buherator
@GossiTheDog That is technically true, but scanners already look for exposed web.configs, so any affected, but not already exploited Internet-facing sites would be simultaneously extremely negligent and lucky.
https://github.com/projectdiscovery/nuclei-templates/blob/2390fd195ab00f2bb1142dd27ac2ab888622d9bd/http/exposures/configs/web-config.yaml#L22
buherator (buherator@infosec.place)'s status on Monday, 20-Jan-2025 23:04:43 JST buherator
Serious question: Is there an open-source 2D printer (the type with paper and ink)?
If not, why not? Is there some serious production bottleneck that only HP&co can meet?
buherator (buherator@infosec.place)'s status on Monday, 13-Jan-2025 16:24:51 JST buherator
"Even if I wanted to improve the app, I really didn't understand how to achieve the increasingly difficult goal I was aiming for. So, rather than writing an automation script that helped me skip over /the hard details/ I focused on learning the science I was trying to ignore."
https://seclists.org/dailydave/2025/q1/3
#fuzzing #llm
buherator (buherator@infosec.place)'s status on Monday, 13-Jan-2025 02:03:58 JST buherator
Old digital cameras turn out to be great for kids:
- They come without all the invasive crap of smart phones
- They boost creativity
- They teach user interfaces and controls outside "push shiny moving button"
- They teach basic software concepts like files (yes, knowing about files is a skill) and how to move them around
And probably more.
Coming up next: MP3 players!
#parenting
buherator (buherator@infosec.place)'s status on Thursday, 26-Dec-2024 00:18:45 JST buherator
What are the online #book stores that are neither a) monopolistic giants built on enshittification nor b) copyright bullies?
If I ask for a unicorn, which ones do at least give authors a more fair share for their work?