A big, professional company having its 6-digit-priced firewall appliances getting free remote code execution with a single `X-PAN-AUTHCHECK: off` header makes me think OpenWrt et al is not that unprofessional after all
Notices by Dragoon Aethis (dragoonaethis@mstdn.social)
-
Embed this notice
Dragoon Aethis (dragoonaethis@mstdn.social)'s status on Wednesday, 20-Nov-2024 13:02:38 JST 
Dragoon Aethis
-
Embed this notice
Dragoon Aethis (dragoonaethis@mstdn.social)'s status on Thursday, 09-May-2024 04:43:13 JST
Dragoon Aethis
-
Embed this notice
Dragoon Aethis (dragoonaethis@mstdn.social)'s status on Tuesday, 02-Apr-2024 05:03:30 JST
Dragoon Aethis
via https://twitter.com/shimaryu703/status/1772211822139240953
-
Embed this notice
Dragoon Aethis (dragoonaethis@mstdn.social)'s status on Saturday, 30-Mar-2024 08:09:16 JST
Dragoon Aethis
@q3k @marcan tbh the fact that it did trigger alarms in those systems, and despite that nobody noticed anything suspicious until a downstream user noticed the backdoor's side effects after upgrading is also telling.
I'm on the receiving end of some mandatory analyzers and due to the sheer volume of hits most of the time I don't really care about why something was found, rather just how to get rid of it. They could safely ignore these systems because of this behavior.
-
Embed this notice
Dragoon Aethis (dragoonaethis@mstdn.social)'s status on Saturday, 30-Mar-2024 08:09:15 JST
Dragoon Aethis
@q3k @marcan Not sure if I'm getting my point across... Not that these tools don't help, they absolutely do, but mine (and many others) reactions to Coverity, Valgrind, etc sounding all the alarms each and every week is "ughhhh, here we go again" and not "something's wrong here"
-
Embed this notice
Dragoon Aethis (dragoonaethis@mstdn.social)'s status on Wednesday, 27-Mar-2024 08:11:12 JST
Dragoon Aethis
Why, naturally a library called python-gitlab has its canonical version hosted over at https://github.com/python-gitlab/python-gitlab
-
Embed this notice
Dragoon Aethis (dragoonaethis@mstdn.social)'s status on Wednesday, 06-Mar-2024 19:59:00 JST
Dragoon Aethis
A tiny sliver of hell froze over: https://postmarketos.org/blog/2024/03/05/adding-systemd/
>Is Alpine cool with this?
(Most likely) absolutely not, but please keep going -
Embed this notice
Dragoon Aethis (dragoonaethis@mstdn.social)'s status on Wednesday, 06-Mar-2024 19:58:59 JST
Dragoon Aethis
...it appears I need to eat my words: https://social.treehouse.systems/@ariadne/112044941290779320
-
Embed this notice
Dragoon Aethis (dragoonaethis@mstdn.social)'s status on Friday, 02-Feb-2024 10:25:07 JST
Dragoon Aethis
@domi ohh, alright, good luck then!
(As an aside, I just got an air sensor to measure home air CO2 et al, partially due to sleep issues, and uh it's not looking great here either - might wanna get some sensors too if you have some ESPs lying around)
-
Embed this notice
Dragoon Aethis (dragoonaethis@mstdn.social)'s status on Friday, 02-Feb-2024 10:24:13 JST
Dragoon Aethis
@domi it's funnier when you see the graph though
-
Embed this notice
Dragoon Aethis (dragoonaethis@mstdn.social)'s status on Wednesday, 24-Jan-2024 07:28:55 JST
Dragoon Aethis
@quad tbh I wouldn't mind if they named their products by the MD5 of their respective board gerbers
-
Embed this notice
Dragoon Aethis (dragoonaethis@mstdn.social)'s status on Wednesday, 24-Jan-2024 07:28:53 JST
Dragoon Aethis
@quad I know, and they keep changing the systems every now and then to keep you on your guard, and instead of price stickers you get "contact us", and instead of publicly-available firmware files you have support contracts...
Enterprise hardware is so much fun :)
-
Embed this notice
Dragoon Aethis (dragoonaethis@mstdn.social)'s status on Thursday, 26-Oct-2023 02:28:31 JST
Dragoon Aethis
This is exploitable
All GNU social JP content and data are available under the