Notices by da_667 (da_667@infosec.exchange)

THEN FUCKING PAY FOR THE DATA.

https://arstechnica.com/tech-policy/2025/01/ai-haters-build-tarpits-to-trap-and-trick-ai-scrapers-that-ignore-robots-txt/

today it is wednesday

Tik-Tok ban upheld? Good, now do X for election interference and facebook reels because its just as shit as tik-tok ever was.

Oh, you won't do that because Mark and Elon are puppeteering the government so hard, their hands are literally up the president's ass? who would've guessed.

my wife was re-watching twilight last night.

"Your skin is ice cold. You barely drink. You avoid the sunlight."

"Say it. What am I?"

Me: "A security researcher"

@halva @puppygirlhornypost2 save as -> SAP.txt

@halva @puppygirlhornypost2

enterprise grade means never having to say you're sorry.

https://redrays.io/blog/critical-sap-businessobjects-authentication-vulnerability-cve-2024-41730/

@GossiTheDog They way they phrase it makes it seem like they're running their own shadow copy. I would be absolutely enraged if I discovered they were just piggybacking on shadow copies.

@GossiTheDog

I know how we can fix ransomware. Let's put a pretty wrapper on a windows feature that is the first thing ransomware deletes and disables

Another banger by watchtowr. Openconnect is an open-source VPN client that can be made to pretend its a VPN client for different VPNS, because of course, they all have a unique and serially miserable way of connecting to their special VPN appliance.

One of ivanti's connect methods is IF-T. There is a Client Capabilities field that IF-T supports that, if you provide it with more than 256bytes of data, boom, segfault. Also possible RCE if you can guess the right return addresses without knocking over the stack.

https://labs.watchtowr.com/do-secure-by-design-pledges-come-with-stickers-ivanti-connect-secure-rce-cve-2025-0282/

@cR0w I've long since burned out. I do my job with care, but the fact that utter shit product makes it out of the gate is the product of a capitalist ouroboros of shit. It isn't that developers cut corners. Its that companies cut corners on their behalf because there are no consequences for it.

The fact that HNAP vulnerabilties exist across a spectrum of IoT devices spanning over a fucking decade, and the answer to old devices that have these vulnerabilities is "well, buy a new one that is still supported 🤷" is proof that we live in a hellscape propped up by corporate greed.

made pot roast tonight. starting with beef/bone broth as the base makes SUCH a huge difference.

pot roast seasoning packet, can of peas, packet of baby carrots, five diced potatoes, 32oz of beef broth on 375 for 2 hours turned out fine.

how are you today?

sounds of a car trying to turn over, and failing

@GossiTheDog this year's deals were utter dog shite. You weren't missing much.

people who write javascript don't make threats, they make promises

@Viss @mttaggart @joshbressers wordpress itself is very well designed if all you want is a blog with a WYSIWYG editor, and I'll die on that hill.

Its everything else that gets stapled on to it with varying degrees of code quality that makes it swiss cheese.

@Viss did you know that medieval serfs got more vacations than we do?

here's some IP addresses and a file hash for a webshell we're not sharing

https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/

Windows: Hey dude, Windows 10 will be EOL next October. You should upgrade to 11

Me: Get fucked and keep getting fucked. You will become a virtual machine on a Linux box next year.

average day at clownflare