Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
Get a devDuck
Rubber duck debugging has never been so cute! Get your favorite coding language devDuckBuy Now
Search - "vulnerability"
The spam denier
An old phone conversation with a client:
Me : Hello
Client : My website and server are suspended? why is that?
Me : Your server sends spam messages.
Client : We do not send spam messages, we are on vacation, there is none in the office.
Me : Yes, but it is not necessarily you, according to our logs, your server sent spam messages in Chinese and Russian, so someone from Russia or China....etc.
Client : I do not believe you, we do not speak russian or chinese, how could we then write spam messages in those languages?
Me : I told you, maybe someone exploited some vulnerability in your website or server firewall. And if you want to activate your services, please check with your webmaster and sysadmin to secure your ....
Client: I tell you my son, because I am old and I have more life experience than you ... I am 60 years old and I tell you, spam does not exist, and YOU suspended my website and server, and created issues to sell me more of your solutions and services.
I won't check my server, I won't hire a webmaster or a sysadmin, AND YOU WILL ACTIVATE MY SERVER NOW !
(I suddenly realized that I am talking to a wall, so I switched to a robotic tone).
Me : Please resolve the issue to activate your services..
Client : YOU WILL ACTIVATE MY S...
Me : Please resolve the issue to activate your services...
Client : WHAT IS THIS SPAM STORY ANYWAY, I DO NOT BELIEVE YOU ...
Me : Please google that word and you will understand what is spam is...
Client : YOU ARE F**ING LIARS, SPAM DOES NOT EXIST... ACTIVATE MY WEBSITE N.... Beeeep !
I hang up.
Well, I thought about configuring an automatic response for this client, or a for-loop.
His voice was really unpleasant, as if he is a heavy smoker.8
CW: The SQL injection vulnerability isn't important because our code is proprietary so hackers won't find it.
https://git.kernel.org/…/ke…/... sure some of you are working on the patches already, if you are then lets connect cause, I am an ardent researcher for the same as of now.
So here it goes:
As soon as kernel page table isolation(KPTI) bug will be out of embargo, Whatsapp and FB will be flooded with over-night kernel "shikhuritee" experts who will share shitty advices non-stop.
1. The bug under embargo is a side channel attack, which exploits the fact that Intel chips come with speculative execution without proper isolation between user pages and kernel pages. Therefore, with careful scheduling and timing attack will reveal some information from kernel pages, while the code is running in user mode.
In easy terms, if you have a VPS, another person with VPS on same physical server may read memory being used by your VPS, which will result in unwanted data leakage. To make the matter worse, a malicious JS from innocent looking webpage might be (might be, because JS does not provide language constructs for such fine grained control; atleast none that I know as of now) able to read kernel pages, and pawn you real hard, real bad.
2. The bug comes from too much reliance on Tomasulo's algorithm for out-of-order instruction scheduling. It is not yet clear whether the bug can be fixed with a microcode update (and if not, Intel has to fix this in silicon itself). As far as I can dig, there is nothing that hints that this bug is fixable in microcode, which makes the matter much worse. Also according to my understanding a microcode update will be too trivial to fix this kind of a hardware bug.
3. A software-only remedy is possible, and that is being implemented by all major OSs (including our lovely Linux) in kernel space. The patch forces Translation Lookaside Buffer to flush if a context switch happens during a syscall (this is what I understand as of now). The benchmarks are suggesting that slowdown will be somewhere between 5%(best case)-30%(worst case).
4. Regarding point 3, syscalls don't matter much. Only thing that matters is how many times syscalls are called. For example, if you are using read() or write() on 8MB buffers, you won't have too much slowdown; but if you are calling same syscalls once per byte, a heavy performance penalty is guaranteed. All processes are which are I/O heavy are going to suffer (hostings and databases are two common examples).
5. The patch can be disabled in Linux by passing argument to kernel during boot; however it is not advised for pretty much obvious reasons.
6. For gamers: this is not going to affect games (because those are not I/O heavy)
Meltdown: "Meltdown" targeted on desktop chips can read kernel memory from L1D cache, Intel is only affected with this variant. Works on only Intel.
Spectre: Spectre is a hardware vulnerability with implementations of branch prediction that affects modern microprocessors with speculative execution, by allowing malicious processes access to the contents of other programs mapped memory. Works on all chips including Intel/ARM/AMD.
For updates refer the kernel tree: https://git.kernel.org/…/ke…/...
For further details and more chit-chats refer: https://lwn.net/SubscriberLink/...
(Originally written by Adhokshaj Mishra, edited by me. )23
Alright fuck it, let's release this fucker!
https://lynkz.me is the main domain. The interface is *usable* and nothing more than that. I'll invest more time in that soon but for now, hey, it works.
Api is located at https://api.lynkz.me.
Documentation for this (literally some echoes to the screen but it contains the needed information for now) is at that api url.
Found a bug or a security vulnerability? Please let me know!
Yeah I use mariadb but sql injection is luckily not possible due to quite some sanitization ;)
WARNING: if you make a shortened url and forget the delete key, you won't be able to delete it.
Let's see how this goes 😅115
A fellow intern recommended the use of windows server for security and speed reasons.
Few details about the situation: windows server got hacked due to a vulnerability which had no patch released yet and this had happened multiple times that year. Also, the company was migrating everything to Linux (servers).
The senior/lead programmer literally gave him a GTFO face and pointed at the door.
Everyone was giving him the GTFO face by the way, he didn't know how fast he had to get out 🤣9
*Facebook Hackers follow the Rules*
TL;DR: sorry, not available, can't do spoilers
One night I was with a group of friends out at a pub. A guy and his girlfriend show up, I didn't know them but they were my friend's friends.
The girl kept bragging the whole time about his boyfriend being a professional programmer, trying to remind it to everybody whenever possible (don't ask me why!).
So, after a while, the discussion moves towards "suspect Facebook activities" and the guy starts saying that he can hack Facebook.
- "What do you mean?", I ask.
- "Hacking into other people's accounts, even with 2 factor authentication. I did it a lot of times"
- "Wait, and they don't notice?"
- "Of course not! ^_^ He's a hacker", the girl replies.
Ok, time to do a coming out.
- "Hey, I'm a developer myself. Can you give me an idea of what you did in technical terms? Did you find a vulnerability? Used a virus? Maybe a keylogger?"
- "No... Uh... Well... The secret is to read the terms of service"
- "Yes... yes it's all in the facebook terms of service..."
- "Uhm, I'm not really sure I'm following. Could you prove it by hacking my Facebook account? I'm giving you the permission".
In less than a minute the discussion flew completely away and they never mentioned computers again.
⚠️ DEVRANTRON ALERT ⚠️
Make sure you've updated devRantron to v.1.3.6 since previous versions contains an XSS vulnerability.
<b>If this text is BOLD you're vulnerable.</b>
You can download the latest version at https://github.com/tahnik/...21
A quite severe vulnerability was found in Skype (at least for windows, not sure about other systems) allowing anyone with system access (remote or local) to replace the update files skype downloads before updating itself with malicious versions because skype doesn't check the integrity of local files. This could allow an attacker to, once gaining access to the system, 'inject' any malicious DLL into skype by placing it in the right directory with the right file name and waiting for the user to update (except with auto updates of course).
From a company like Microsoft, taking in mind that skype has hundreds of millions of users worldwide, I'd expect them to take a very serious stance on this and work on a patch as soon as possible.
What they said about this: they won't be fixing it anytime soon as it would require a quite big rewrite of skype.
This kinda shit makes me so fucking angry, especially when it comes from big ass companies 😡. Take your fucking responsibility, Microsoft.22
Security tester: Injects XSS into a rich text editor and flags it for a vulnerability.
"Oh that's fine, let's just disable right click on our page so no one can inspect the page and inject anything."
My boss ladies and gentlemen.9
The awesome moment when a client claims that you are nothing but a script kiddy only minutes before you reveal a $1400 vulnerability on his site 😂4
This happened at my last internship. There was this other intern and he was a TO THE FUCKING MAX windows fanboy and whenever someone said something bad about windows he'd go full rage. Also, he'd sometimes spend half an hour at my desk explaining why windows was the best and Linux sucked.
This one time, I read about a newly discovered windows vulnerability and told the employees so they'd update quickly and they were like ' thanks for the notification mate!' And then that guy came up to me telling that 'Linux also has severe vulnerabilities sometimes'. YES I FUCKING KNOW THAT I'M JUST TRYING TO GET PEOPLE TO UPDATE FOR THEIR SECURITY YOU FUCKING ASSHAT. I got really mad. Still, fuck that guy.9
A group of Security researchers has officially fucked hardware-level Intel botnet officially branded as "Intel Management Engine" they did so by gathering it all the autism they were able to get from StackOverflow mods... though they officially call it a Buffer Overflow.
On Wednesday, in a presentation at Black Hat Europe, Positive Technologies security researchers Mark Ermolov and Maxim Goryachy plan to explain the firmware flaws they found in Intel Management Engine 11, along with a warning that vendor patches for the vulnerability may not be enough.
Two weeks ago, the pair received thanks from Intel for working with the company to disclose the bugs responsibility. At the time, Chipzilla published 10 vulnerability notices affecting its Management Engine (ME), Server Platform Services (SPS), and Trusted Execution Engine (TXE).
The Intel Management Engine, which resides in the Platform Controller Hub, is a coprocessor that powers the company's vPro administrative features across a variety of chip families. It has its own OS, MINIX 3, a Unix-like operating system that runs at a level below the kernel of the device's main operating system.
It's a computer designed to monitor your computer. In that position, it has access to most of the processes and data on the main CPU. For admins, it can be useful for managing fleets of PCs; it's equally appealing to hackers for what Positive Technologies has dubbed "God mode."
The flaws cited by Intel could let an attacker run arbitrary code on affected hardware that wouldn't be visible to the user or the main operating system. Fears of such an attack led Chipzilla to implement an off switch, to comply with the NSA-developed IT security program called HAP.
But having identified this switch earlier this year, Ermolov and Goryachy contend it fails to protect against the bugs identified in three of the ten disclosures: CVE-2017-5705, CVE-2017-5706, and CVE-2017-5707.
The duo say they found a locally exploitable stack buffer overflow that allows the execution of unsigned code on any device with Intel ME 11, even if the device is turned off or protected by security software.
For more of the complete story go here:
I post mostly daily news, commentaries and such on my site for anyone that wish to drop by there23
It's funny, whenever the subject of facebook vs privacy comes up (mostly I don't even initiate those convo's), people always start to defend facebook when I say that I THINK that facebook is build to get people addicted to it and get them to stay on facebook as long as possible.
Haha, one of facebook's early investers/ex facebook presidents said the following in an interview:
“It’s a social-validation feedback loop, exactly the kind of thing that a hacker like myself would come up with, because you’re exploiting a vulnerability in human psychology.”
So even an ex president of facebook is admitting this.
I also found the folloing a good one:
The underlying thought process while creating platforms like Facebook or Instagram is something like “How do we consume as much of your time and conscious attention as possible?”
Last but not least, the part I found the most scary:
“God only knows what it’s doing to our children’s brains.”
Yes, I find this scary.
Oh yeah and for the people who are going to call bullshit on this one, I've got one source and if you search engine on the title of that article then you'll find loads of websites having that story:
So WPA2 has been broken.
That's quite a bad news coming so shortly after the BlueBourne vulnerability was discovered
Read more here if interested:
What is the worst thing that can happen if you report a security vulnerability to a company?
Get banned by them!
I reported a vulnerability to a company on their Facebook page(cause they don't have an email id where I can report this) and they just banned me from their page. It's really annoying me now.
And the worst thing is that they have still not fixed the issue, I wonder why the hell they banned me then.
I am planning to exploit the vulnerability and teach them why security is so important now.22
The change log from notepad++ update. The last paragraph is the cream!
" The issue of a hijacked DLL concerns scilexer.dll (needed by Notepad++) on a compromised PC, which is replaced by a modified scilexer.dll built by the CIA. When Notepad++ is launched, the modified scilexer.dll is loaded instead of the original one.
It doesn't mean that CIA is interested in your coding skill or in your sex message content typed in Notepad++, but rather it prevents raising any red flags while the DLL does data collection in the background.
It's not a vulnerability/security issue in Notepad++, but for remedying this issue, from this release (v7.3.3) forward, notepad++.exe checks the certificate validation in scilexer.dll before loading it. If the certificate is missing or invalid, then it just won't be loaded, and Notepad++ will fail to launch.
Checking the certificate of DLL makes it harder to hack. Note that once users’ PCs are compromised, the hackers can do anything on the PCs. This solution only prevents from Notepad++ loading a CIA homemade DLL. It doesn't prevent your original notepad++.exe from being replaced by modified notepad++.exe while the CIA is controlling your PC.
Just like knowing the lock is useless for people who are willing to go into my house, I still shut the door and lock it every morning when I leave home. We are in a f**king corrupted world, unfortunately. "1
A critical vulnerability was detected in Electron and I urge all the devRantron users to update their app manually.
Please go to https://www.devrantron.com get the latest version which has the necessary patches.
Due to a request, we added compact mode in the app, which can be used to view a distraction-free mode of the UI. Notifications screen is a little bit more readable now. The read notifications are now greyed out.
Again, the auto update will not work for this version. Please manually update as soon as possible.6
--- URGENT: Major security flaw in Kubernetes: Update Kubernetes at all costs! ---
Detailed info: https://github.com/kubernetes/...
If you are running any unpatched versions of Kubernetes, you must update now. Anyone might be able to send commands directly to your backend through a forged network request, without even triggering a single line in the log, making their attack practically invisible!
If you are running a version of Kubernetes below 1.10... there is no help for you. Upgrade to a newer version, e.g. 18.104.22.168
10 years ago, I found a vulnerability in the connection between an insurer I was working for, and the network of databases of municipalities. I was only a hacker in so far as kids who watched Hak5 are considered hackers, so I always carried this laptop with a fake access point, package sniffer, wep crack, sslstrip, etc with me.
The vulnerabilities allowed me to register a new identity, for which I requested a passport.
Walking up to the town hall desk with two passports with different names, both mine, was pretty cool.
I did not do anything malicious, and was hired to fix the issues (wep encryption on insurers trusted wifi, and municipality postgres gave write access to all third parties)
For a few days I was the coolest kid in school though!2
Long story short, I'm unofficially the hacker at our office... Story time!
So I was hired three months ago to work for my current company, and after the three weeks of training I got assigned a project with an architect (who only works on the project very occasionally). I was tasked with revamping and implementing new features for an existing API, some of the code dated back to 2013. (important, keep this in mind)
So at one point I was testing the existing endpoints, because part of the project was automating tests using postman, and I saw something sketchy. So very sketchy. The method I was looking at took a POJO as an argument, extracted the ID of the user from it, looked the user up, and then updated the info of the looked up user with the POJO. So I tried sending a JSON with the info of my user, but the ID of another user. And voila, I overwrote his data.
Once I reported this (which took a while to be taken seriously because I was so new) I found out that this might be useful for sysadmins to have, so it wasn't completely horrible. However, the endpoint required no Auth to use. An anonymous curl request could overwrite any users data.
As this mess unfolded and we notified the higher ups, another architect jumped in to fix the mess and we found that you could also fetch the data of any user by knowing his ID, and overwrite his credit/debit cards. And well, the ID of the users were alphanumerical strings, which I thought would make it harder to abuse, but then realized all the IDs were sequentially generated... Again, these endpoints required no authentication.
So anyways. Panic ensued, systems people at HQ had to work that weekend, two hot fixes had to be delivered, and now they think I'm a hacker... I did go on to discover some other vulnerabilities, but nothing major.
It still amsues me they think I'm a hacker 😂😂 when I know about as much about hacking as the next guy at the office, but anyways, makes for a good story and I laugh every time I hear them call me a hacker. The whole thing was pretty amusing, they supposedly have security audits and QA, but for five years, these massive security holes went undetected... And our client is a massive company in my country... So, let's hope no one found it before I did.6
Forgive me father, for I have sinned. Alot actually, but I'm here for technical sins. Okay, a particular series of technical sins. Sit your ass back down padre, you signed up for this shit. Where was I? Right, it has been 11429 days since my last confession. May this serve as equal parts rant, confession, and record for the poor SOB who comes after me.
Ended up in a job where everything was done manually or controlled by rickety Access "apps". Many manhours were wasted on sitting and waiting for the main system to spit out a query download so it could be parsed by hand or loaded into one of the aforementioned apps that had a nasty habit of locking up the aged hardware that we were allowed. Updates to the system were done through and awful utility that tended to cut out silently, fail loudly and randomly, or post data horrifically wrong.
Fuck that noise. Floated the idea of automating downloads and uploads to bossman. This is where I learned that the main system had no SQL socket by default, but the vendor managing the system could provide one for an obscene amount of money. There was no buy in from above, not worth the price.
Automated it anyway. Main system had a free form entry field, ostensibly for handwriting SELECT queries. Using Python, AutoHotkey, and glorified copy-pasting, it worked after a fashion. Showed the time saved by not having to do downloads manually. Got us the buy in we needed, bigwigs get negotiating with the vendor, told to start developing something based on some docs from the vendor. Keep the hacky solution running as team loves not having to waste time on downloads.
Found SQLi vulnerability in the above free form query system, brought it up to bossman to bring up the chain. Vulnerability still there months later. Test using it for automated updates. Works and is magnitudes more stable than update utility. Bring it up again and show the time we can save exploiting it. Decision made to use it while it exists, saves more time. Team happier, able to actual develop solutions uninterrupted now. Using Python, AutoHotkey, glorified copy-pasting, and SQLi in the course of day to day business critical work. Ugliest hacky thing I've ever caused to exist.
Flash forward 6 years. Automation system now in heavy use acrossed two companies. Handles all automatic downloads for several departments, 1 million+ discrete updates daily with alot of room for expansion, stuff runs 24/7 on schedule, most former Access apps now gone and written sanely and managed by the automation system. Its on real hardware with real databases and security behind it.
It is still using AutoHotkey, copy-paste, and SQLi to interface with the main system. There never was and never will be a SQL socket. Keep this hellbeast I've spawned chugging along.
I've pointed out how many ways this can all go pearshaped. I've pointed out that one day the vendor will get their shit together they'll come in post system update and nothing will work anymore. I've pointed out the danger in continuing to use the system with such a glaring SQLi vulnerability.
Noone cares. Won't be my problem soon enough.
In no particular order:
Fuck management for not fighting for a good system interface
Fuck the vendor for A) not having a SQL socket and B) leaving the SQLi vulnerability there this long
Fuck me for bringing this thing into existence6
I once had to literally hack a Joomla 1.5.x site for a client, because they did not find the passwords (hosting, cms, ftp, mysql). After 5 minutes and a SQL injection I was in like flynn.
The site was already full of hidden links to viagra sellers and stuff... 😂1
I have a Kali Linux VM running on my Windows machine. I decide to try and exploit the Windows machine (THAT THE VM WAS RUNNING ON) because of a vulnerability with smb that requires NO user interaction. I decided to make my computer shoot its own legs and I thought "Hey, this is gonna be fine."
Aaaaand the whole system crashed on me.3
I think we're going two sides:
For one, more and more technology is being developed/engineered which is even more and more and more intrusive as for personal privacy, I'm genuinely worried how this'll go as privacy isn't just a about not exposing certain things like passwords/bank account details and so on, it's also about being an individual who has their own thoughts, opinions and so on. If we keep taking that away more and more often, society will change and go towards the Orwell scenario (we're on our way there right now). We can change this as software/design/server engineers but that's up to us and I sadly don't see that happening quickly, also due to the 'nothing to hide' bullshit.
Second one is that were going more and more towards open source.
This is a good thing as this:
- gives freedom to devs around the world to improve software and/or modify it to suit their needs.
- gives people the opportunity to look through the source code of softwares in order to verify it as for backdoors and find security vulnerabilities which otherwise can remain hidden for the general public while spying agencies have way more resources to go vulnerability hunting.
For the people who think this isn't a good idea (even more open source), without it we'd be completely fucked as for moving forward/security/privacy. (I can give examples if wanted).4
I found a vulnerability in a food delivery app api that allows me to add credit to my account. I ate my first free meal today but i feel bad about it. What should i do 😞.
1- continue hacking free credit and eating free food.
2- stop and forget i found this bug
3- report the bug in exchange for money/credit
4- report the bug for free28
Really cool. Tesla gave two hackers that found a vulnerability in the Model 3 free cars as a reward. More companies should do that, instead of getting all pissy. I would hope a company wants to know what their vulnerabilities are so that they can avoid embarrassment and the loss of money.3
I think the hardest thing about being a programmer in college with a security emphasis is when I approach a business for a penetration test or for a vulnerability analysis (your pick) is that they almost always say, "you are pretty young don't you think?"
Ummmm not sure what that has to do with it. If it would make you feel better I have claimed bug bounties from an antivirus company, a bank, several local businesses in my area and I do this for work at my 9-5.
And this week I got this, "I think I would like someone older so we can define the goals better."
Oh so rules of engagement, yeah of course I understand that and that's something we would discuss and draw up a contract for...
"Well we really need someone more skilled."
---- End of story ----
I don't understand, you haven't asked about certifications or schooling and you glanced at my resume for exactly 5 seconds what the hell do you want? Me to double my age over night?7
Me: reports vulnerability that can be used to steal thousands of dollars from a company.
Stingy company: gives me 66 USD voucher as a reward. :)12
Really ugly to release it a day after telling AMD about it10
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.11
I make a typo in the username
"username doesn't exist"
I fix the typo and mess up the password
... I smell a potential exploit here...7
Okay, That right there is pathetic https://thehackernews.com/2019/02/... .
First of all telekom was not able to assure their clients' safety so that some Joe would not access them.
Second of all after a friendly warning and pointing a finger to the exact problem telekom booted the guy out.
Thirdly telekom took a defensive position claiming "naah, we're all good, we don't need security. We'll just report any breaches to police hence no data will be leaked not altered" which I can't decide whether is moronic or idiotic.
Come on boys and girls... If some chap offers a friendly hand by pointing where you've made a mistake - fix the mistake, Not the boy. And for fucks sake, say THANK YOU to the good lad. He could use his findings for his own benefit, to destroy your service or even worse -- sell that knowledge on black market where fuck knows what these twisted minds could have done with it. Instead he came to your door saying "Hey folks, I think you could do better here and there. I am your customes and I'd love you to fix those bugzies, 'ciz I'd like to feel my data is safe with you".
How on earth could corporations be that shortsighted... Behaviour like this is an immediate red flag for me, shouting out loud "we are not safe, do not have any business with us unless you want your data to be leaked or secretly altered".
Yeah, I know, computer misuse act, etc. But there are people who do not give a tiny rat's ass about rules and laws and will find a way to do what they do without a trace back to them. Bad boys with bad intentions and black hoodies behind TOR will not be punished. The good guys, on the other hand, will.
Whre's the fucking logic in that...
P.S. It made me think... why wouldn't they want any security vulns reported to them? Why would they prefer to keep it unsafe? Is it intentional? For some special "clients"? Gosh that stinks6
FYI to anyone following the Krack WPA2 vulnerability
A testing suite in python has made its way to github.
> Be chad lodash dev
> new security vulnerability discovered in April
> virgin devs ask to fix https://github.com/lodash/lodash/...
> giving no shit, because lodash stronk https://github.com/lodash/lodash/...
> fast forward now
> NPM lists lodash as vulnerability, because no fix
> 1000s of downstream projects affected
> surprised pikachu face10
Anyone hear about the emergency patch that Microsoft just released? Its a RCE vulnerability CVE-2017-11937 which ironically targets all of Microsoft's security products.
Basically when Windows defender scans a specially crafted file the attacker can run code as the LocalSystem. Nice one Microsoft!2
Guess what? 😱 WordPress has probably an SQL injection vulnerability. Check it out and fix your installations, when more info will be known:
I recently found a vulnerability in a food delivery app where i can add credit to my account. as some of u suggested I decided to report it. Here is their response of me asking (before explaining the bug) if i will be legally prosecuted and if ill be rewarded. this was their response. I feel they were mean. Thoughts ?16
For all you Googlefags, "Serious Chrome zero-day – Google says update right this minute":
DigitalOcean released this public message in response to Intels MDS. Definitely worth reading if you run servers at DO. https://blog.digitalocean.com/may-2...1
I mean how thick do you have to be to not understand what CSRF is? I almost lost a gig to this supposedly 'seasoned' dev who kept bragging about how she takes web security very seriously. I pointed out this flaw in her work and she fucking flipped out and refused to even acknowledge that she might have made a mistake. She kept insisting how it isn't even a vulnerability.
Well, too bad I got the gig for pointing it out.18
I really wanna share this with you guys.
We have a couple of physical servers (yeah, I know) provided by a company owned by a friend of my boss. One of them, which I'll refer to as S1, hosted a couple of websites based on Drupal 7... Long story short, every php file got compromised after someone used a vulnerability within D7's core to inject malicious code. Whatver, wasn't a project of mine, and no one bothered to do anything about it... The client was even happy about not doing anything about it. We did stop making backups of such websites however, to avoid spreading the damage (right?). So, no one cared about this for months!
But last monday? The physical server was offline. I powered it on again via its web management interface... Dead after less than an hour. No backups. Oh well, I guess I couls keep powering it on to check what's wrong with it and attempt to fix it...
That's when I've learned how the web management interface works: power on/reboot requests prompted actual workers to reach the physical server and press the power on/reboot buttons.
That took a while to sink in. I mean, ok, theu are physical servers... But aren't they managed anyhow? They are just... Whatever. Rebooting over and over wasn't the solution, so I asked if they could move the HDD to another of our servers... The answer was it required to buy a "server installation" package. In short, we'd have had to buy a new physical server, or renew the subscription of one we already owned for 6 months.
So... I've literally spent the rest of the day bothering their emoloyeea to reboot S1, until I've reached the "daily reboot reauests limit" (which amounts to 3 reauests. seriously), whicj magically opened a support ticket where a random guy advised to stop using VNC as "the server was responsive" and offeres to help me with the command line.
Fiiine, I sort of appreciate it. My next message has been a kernel log which shows how the OS dying out was due to physical components becoming unavailable after a while, and how S1 lacked a VNC server, being accessible only via ssh. So, the daily reboot limit was removes for S1. Yay.
...What to do though? S1 was down, we had no backups, and asking for manual rebooting every time was slow as Hell. ....Then I went insane. I asked for 1 more reboot. su. crontab -e. */15 * * * * /sbin/shutdown -r +5. while true; do; rsync --timeout=20 --append S1:/stuff .; sleep 60; done.
It worked. We have now again access to 4 hacked, shitty Drupal 7 websites. My boss stopped shouting. I can get back to my own projects.
Apparently, those D7 websites got back online too, still with malicious php code within them. Well, not my problem (for now).
Meanwhile, S1 is still rebooting.3
Reported an important security vulnerability inside our organization, right before getting off work. A security team member contacts me over chat asking for some details on my investigation. At the end, he tells me: "thanks, I will copy and paste this conversation on the ticket so that everyone can see".
What I imagined: he would copy and paste the conversation as is, so that every line written by me is prefixed with my name.
What he does: he writes a summary of our conversation, barely mentioning my name, making it look like that part of the investigation was done by him.
Now I have so much anger inside of me that my internal organs are boiling.6
Yet another Intel vulnerability. Who_would_have_thought.png.
watching the online course for CEH... dude used the Death Star as a tangible example of how exploits work.
IDK if I should love it for the nerdiness, or be slightly sad that someone needs that type of example of what a vulnerability vs an exploit is, when they're going for the Certified Ethical Hacker certification...
Might be better in an introduction to Network Security class?
Also, while discussing the security, usability, and functionality triangle, he reference the Staples "Easy Button" - does one thing, not very secure, and not very functional (in that it has more than one function)...1
Paranoia. Programming affected my life by making me paranoid. Creating a new account on any website that even needs rudimentary information about me has to go quite some vulnerability testing since I've seen enough hack jobs that throw around sensitive data because they're too incompetent to follow simple must dos.3
Yet another funny bug for your iPhone friends. Oh Apple...
"The vulnerability can be exploited by loading an HTML page that uses specially crafted CSS code. The CSS code isn't very complex and tries to apply a CSS effect known as backdrop-filter to a series of nested page segments (DIVs)."
Ya'll know what... If humans weren't such annoying vulnerability-searching little shits then we wouldn't have had to implement any protection against them and think of all the performance that would be saved on that. Take branch prediction vulnerability mitigation in the Linux kernel for example, that's got to make a performance hit of least 10% on basically everything.
Alas, I do get why security is important and why we keep such vulnerability mitigation running despite the performance hit. I get why safe code is necessary but still... if these people weren't such annoying little bastards.
Yeah, I was just kind of set off by the above. So much would be faster and easier if only the programmers wouldn't have to plan for people exploiting their software. Software would be written much faster and humans would progress to stuff that actually matters like innovation.8
Putty remote executuon vulnerability(no patch yet)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to unspecified input validation error when processing data, received from SSH server. A remote attacker can trick the victim to connect to a specially crafted SSH server and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.7
FYI if you have ES file explorer get rid of it cause it has a major vuln that lets other extract files from your phone
There are many better alternatives, i personally use FX.
...WHY TF DOES A FILE EXPLORER RUN AN HTTP SERVER IN BACKGROUND ?!24
Reddit comment on a thread about Joomla! sites being vulnerable to SQL-injections:
"Joomla sites are so infested they became sentient.
Joomla sites needs no webmaster, some one else will administer it for you.
Joomla sites have very good SEO, specially in "v1agra c1alis p3nis size"
Traffic count with Joomla is high, all the bots breaking all the vulnerabilities count for somethin'."
😂 Pure gold.1
So my dad is watching some movie from the nineties titled "Hackers". Here are some lines from it:
"So I got into a server, looked around, run some commands. Only then did I realize that it was a bank server"
How can you not know what server are you hacking? And how did you later find out that it was a bank? For all you know you might be hacking into somebody's blog.
Hacker 1: So how are you gonna hack that database?
Hacker 2: I don't know yet.
H1: I would use a vulnerability in their security
That's like saying you would enter a building using the front doors.
Did whoever wrote the script for this movie even consulted somebody that knows at least something about hacking?6
Do you know the auto-generated heroku sample app? The very complex demo app you automatically get following the tutorial?
It has a vulnerability.
I laughed a lot2
So one of my clients had a different company do a penetrationtest on one of my older projects.
So before hand I checked the old project and upgraded a few things on the server. And I thought to myself lets leave something open and see if they will find it.
So I left jquery 1.11.3 in it with a known xss vulnerability in it. Even chrome gives a warning about this issue if you open the audit tab.
Well first round they found that the site was not using a csrf token. And yeah when I build it 8 years ago to my knowledge that was not really a thing yet.
And who is going to make a fake version of this questionair with 200 questions about their farm and then send it to our server again. That's not going to help any hacker because everything that is entered gets checked on the farm again by an inspector. But well csrf is indeed considered the norm so I took an hour out of my day to build one. Because all the ones I found where to complicated for my taste. And added a little extra love by banning any ip that fails the csrf check.
Submitted the new version and asked if I could get a report on what they checked on. Now today few weeks later after hearing nothing yet. I send my client an email asking for the status.
I get a reaction. Everything is perfect now, good job!
In Dutch they said "goed gedaan" but that's like what I say to my puppy when he pisses outside and not in the house. But that might just be me. Not knowing what to do with remarks like that. I'm doing what I'm getting paid for. Saying, good job, your so great, keep up the good work. Are not things I need to hear. It's my job to do it right. I think it feels a bit like somebody clapping for you because you can walk. I'm getting off topic xD
But the xss vulnerability is still there unnoticed, and I still have no report on what they checked. So I have like zero trust in this penetration test.
And after the first round I already mentioned to the security guy in my clients company and my daily contact that they missed things. But they do not seem to care.
Another thing to check of their to do list and reducing their workload. Who cares if it's done well it's no longer their responsibility.
2018 disclaimer: if you can't walk not trying to offend you and I would applaud for you if you could suddenly walk again.2
Few months back, I reported a vulnerability in an open source project due to the fake alarm from Github without understanding it's consequences. The author of that project immediately locked, and closed the issue and deleted the detail.
Though he was annoyed with my this act but he taught me a good lesson of responsibility.
"One misstep from developers at Starbucks left exposed an API key that could be used by an attacker to access internal systems and manipulate the list of authorized users," according to the report of Bleeping Computer.
Vulnerability hunter Vinoth Kumar reported and later Starbucks responded it as "significant information disclosure" and qualified for a bug bounty. Along with identifying the GitHub repository and specifying the file hosting the API key, Kumar also provided proof-of-concept (PoC) code demonstrating what an attacker could do with the key. Apart from listing systems and users, adversaries could also take control of the Amazon Web Services (AWS) account, execute commands on systems and add or remove users with access to the internal systems.
The company paid Kumar a $4,000 bounty for the disclosure, which is the maximum reward for critical vulnerabilities.7
Social Captain (a service to increase a user's Instagram followers) has exposed thousands of Instagram account passwords. The company says it helps thousands of users to grow their Instagram follower counts by connecting their accounts to its platform. Users are asked to enter their Instagram username and password into the platform to get started.
According to TechCrunch : Social Captain was storing the passwords of linked Instagram accounts in unencrypted plaintext. Any user who viewed the web page source code on their Social Captain profile page could see their Instagram username and password in plain text, as they had connected their account to the platform. A website bug allowed anyone access to any Social Captain user's profile without having to log in ; simply plugging in a user's unique account ID into the company's web address would grant access to their Social Captain account and their Instagram login credentials. Because the user account IDs were for the most part sequential, it was possible to access any user's account and view their Instagram password and other account information easily. The security researcher who reported the vulnerability provided a spreadsheet of about 10,000 scraped user accounts to TechCrunch.3
A few days back I read an article about ethical hacking and get rewarded for bug bounty. I thought that might be interested.
I'm about to send out my first ethical hack report to a company! I'm nervous because I don't know how they'll respond. It's an xss vulnerability, and I really hope they'll fix it.5
jQuery < 3.4.0 is a known moderate severity vulnerability now and Github just send me about 20 alert mails for repos which are using jQuery that I had used for side projects.
Like thanks but damn.2
Today I had a problem with a JS framework. The only person who was available who could help me was the one I avoid, because he always knows everything better.
Well, after I asked if he had time for me, he sits next to me and I started to explain.
After looking around, he started blaming my backend code.
(I belong to the kind of dev that tries to write small and simple code. But I also often use the more complex features of the languages.) He suddenly started accusing everyday things in the backend like inheriting a class or using objects and basic data types together as parameters of a method (WTF???) Hell, all I could say at that moment was that I had a problem with this JS framework and not with the backend that worked well. He probably tried for over an hour to find the bug in the backend and just wouldn't listen, after that he gave up. I wonder what this bitch has learned over the years. Can it really be that he forgot the basics of a programming language? Or has the fool never worked with an inheritance before? I think he's an incapable piece of shit, he hasn't even patched my reported vulnerability in his project in the last half year, which allows to inject own code onto the server.
Because of such fucking morons I get a headache when I think about it. How can it be that he's got a higher degree and earns about 50% more. I should leave this company!3
Everything will be about the same, but faster. Quantum computing will allow brick-shitting speeds of data processing, Nvidia will at some point develop a quantum GPU and call it Fuckall architecture or something that will allow to simulate all the atomic-level physics of a whole car (and stuff), 1Tb network speeds will be common, websites and databases work in a blink of an eye.
Also someone will find a spectre/meltdown-level vulnerability in quantum CPUs and everyone will get f-d in the a. Again. Almost.14
The one thing more annoying than my girlfriend is the chain of mail I get from Github saying,
"One of your dependencies has a security vulnerability."5
First of all, a great channel to follow and where all this is from: https://youtube.com/watch/...
It listed a lot of open source news I missed myself and I'm sure others did too, for those that are too lazy to watch the video or open the description, I've stripped away the links and "X version got released" just to give an idea of what he covers.
GNOME and KDE announced they would work together on building better Linux desktops at Linux App Summit.
XRDesktop, a VR enabled Linux desktop, will allow you to use your Linux programs while wearing your VR headset.
Responding to the european commission's fines, Google announced that it would allow other search engines to be present at Android's setup.
Manjaro will allow users to pick between FreeOffice, Libre Office, or no office suite at all.
The Igalia team announced that they are working to make Pitivi compatible with Final Cut Pro X
Microsoft might be bringing its Teams software to Linux.
Martin Wimpress from the Canonical SnapCraft team gave an interview to TechRepublic, on Snaps
A discussion took place on how to improve Linux desktop performance in low ram scenarios.
A KDE vulnerability has been outed publicly before notifying the developers.
Nvidia has open sourced a bunch of documentation for its GPUs
Linux Journal announced they would cease their publication.
Kdenlive 19.08 has been released, bringing 3 point editing and a bunch of keyboard shortcuts
The Linux on Dex project now allows to run Ubuntu 16.04 LTS on a samsung smartphone.
According to protondb, we passed the 6000 playable games mark, out of 9 thousand for which users have created a report
GNOME Feeds has been released on flathub, a simple app to read RSS feeds on GNOME
The enlightenment desktop released its first version in 2 years, enlightenment 0.23.0.
Linux celebrated its 28th birthday
Microsoft announced that they would bring exFAT support to the linux kernel.
Thundebird 68 was released with an interface redesign
Collabora has published an update on their work on viglrenderer, a solution to emulate a gpu while using a virtual machine through Qemu.7
FUUCCKKKK!! I need to hit smth. Or rant..
So that flaky ec2 issue.. These ec2s act as a shared environment for multiple apps. Our app is one of them. I have no access to those ec2s at all.
What I have access to is my app and some monitoring. Now the app randomly starts lagging while nearly idling. At the same random times monitoring stops completely and doesn't come back up. This happens to random app instances at random times.
Reached out to infra support, managed to get attention from the big boys [mgmt]. Today we got the fix deployed. I test it out -- problem persists.
I find this behaviour somewhat familiar. Managed to get some server stats from infra folks. Apparently cpu% is high as well as load avg [cpu queue]. Bingo! I know how to fix it!
So I write a long comment w/ all the commands and all the 'if that, do this'. Send it to one of the infra technitians
and I get a reply: 'we will apply cpu usage limitations to fix the issue'
wait... Cpu% limitations will do nothing but highlight the underlying problem...
'no, instances have high cpu utilisation which is causing those lags. We will limit cpu resources and it will be fixed'
oh ffs... Cpu utilization and cpu queue are VERY different things.. I tried explaining that to them like 7-9 times. And all I get is:
'yes, cpu utilization is the problem. We will limit it and solve the problem'
I would surely escalate all of this through higher channels if only I could get my hands on those ec2s and have a proof. But that is not happening and I'm forced to sit back and watch them break things even worse until they are out of options and mark my query as 'wont fix'....
Fuck that's frustrating....
*thinking to myself* so I've read about that new vulnerability 2 days ago that allows one to escape from docker container to the host... What if <...>4
Apache Tomcat vulnerability "GHOSTCAT" allows read conduct files and implant web shells. All versions in the last 13 years vulnerable.
According to Security Researcher of Chaitin Tech : Due to a flaw in the Tomcat AJP protocol (the channel for Tomcat to connect to the outside, pass them to the corresponding web application for processing and return the response result of the request), an attacker can read or include any files in the webapp directories of Tomcat.
For example, An attacker can read the web-app configuration files or source code. In addition, if the target web application has a file upload function, the attacker may execute malicious code on the target host by exploiting file inclusion through "GHOSTCAT" vulnerability.
Apache Tomcat has officially released versions 9.0.31, 8.5.51, and 7.0.100 to fix this vulnerability.5
A few days ago, I saw a topic from hackernews about Xiaomi phones having a high risk vulnerability because of analytics.apk. I didn't mind it (I'm using a Xiaomi phone).
After about 2 days, I had a notification on my screen having a message 'test' made by my browser.
I immediately installed a firewall blocking all Xiaomi related services.
Has anyone read the latest rant from Microsoft?
<<Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage.>>12
PSA: If you use jQuery and BlueImp's jQuery File Upload there is a big potential vulnerability you need to be aware of. If you use NPM to pull the repo into your public folder, the "server" folder will be available for people to take advantage of. "Hackers" may be able to upload malicious code and replace parts of your site.
I had a site hacked and later saw on Google Analytics that people were posting to random URLs in that folder. The fix is to simply delete that folder, but if you use NPM, you need to be extra careful it doesn't come back.
Also, I didn't investigate further. So I'm not sure what (if anything) is vulnerable in there, or if it was just the specific version I had. To be safe, if you use this plugin (as MANY people do), just delete the folder.
Link to the repo for your reference: https://github.com/blueimp/...4
security fiasco due to a malicious npm package:
Because of a bitcoin miner present in event-stream npm module (https://bleepingcomputer.com/news/...), my entire team and I had to scan all our nodejs apps, repos and the most excruciating one, all node_modules folders across all our dev machines and servers, to see if event-stream and flatmap-stream is present, then not just delete it but update a bu**load of upstream dependencies which internally used event-stream. All due to one malicious package which was hidden several layers beneath.
And, this happened almost 8 months after the aforesaid vulnerability was first found.10
This was initially a reply to a rant about politics ruining the industry. Most of it is subjective, but this is how I see the situation.
It's not gonna ruin the industry. It's gonna corrupt it completely and fatally, and it will continue developing as a toxic sticky goo of selfishness and a mandatory lack of security until it chokes itself.
Because if something can get corrupted, it will get corrupted. The only way for us as a species to make IT into a worthy industry is to screw it up countless times over the course of a hundred years until it's as stable and reliable as it can possibly be and there are as many paradigms and individually reasonable standards as there can possibly be.
The entire tech is rotting from the hundreds of thousands of lines of proprietary firmware and drivers through the overgrown startup scene to fucking Node.js, and how technologies created just a few decades ago are unacceptable from a security standpoint. Check your drivers and firmware if you can, I bet you can't even see the build dates of most firmware you run. You can't even know if it was built after any vulnerability regarding that specific microcontroller or whatever.
Would something like this work in chemical engineering? Hell no! This is how fucking garage meth labs work, not factories or research labs. You don't fucking sell people things without mandatory independent testing. That's how a proper industry works. Not today's IT.
Of course it's gonna go down in flames. Greed had corrupted the industry, and there's nothing to be done about it now but working as much as we can, because the faster we move the sooner we'll get stuck and the sooner we can start over on a more reasonable foundation.
Or rely on layers of abstraction and expect our code to be compilable on anything the future holds for us.5
I've been interested in security for years but despite knowing the theory I've always had this disconnect with actually doing it, about two years ago I finally managed to find and exploit my first cross-site scripting vulnerability in my companies Product whilst doing some routine acceptance testing. It was a penny drop moment for me which has led to some very interesting projects and It was pretty badass.
My new colegue at work was tasked with getting familiar with some Java code that had security vulnerability. He complained about slow build time for the first hour and then I stopped paying attention. At the end of day I checked on him and was like wtf how are you still trying to build this.
Turns out he ran Gradle task bootRun and watched logs of working app for 8 hours because he thought that's build xD1
The feel when you remember you have left any vulnerability in your code.
a wired wave arise in your body.1
I reached out to a developer who's site was being contracted out to Amazon devs, because when their site launched it had a couple of security issues. This was his response:
"An additional thought/opinion... Just because a college freshman from Arizona wasn't too hungover to make the effort to notify us and take the liberty of classifying this as a security issue for us doesn't mean we need to take their word for it."6
Old unused military satellite to make international calls free. Local tv station to leak episodes. 4500 hosts zombie net with autoreplicant bots that scans for vulnerability to populate the net to do distributed denial of service attacks. Jumper on the neighborhood cabin to redirect the school's call for being absent, an older friend pretended to be my father.
Get merge request approved, wait for the build, hit DEPLOY!! Nail biting 3 minutes! Your eyes fixed on the logs! Building..... Pushing instances..... Starting App..... SUCCESS!!! Finish the remaining tickets! Your long weekend still exists!4
Attention guys and gals! If you are using grafana in your home setup, update it asap to 4.6.4 or 5.2.3. versions before those two are affected by an authentication bypass vulnerability. CVE 2018-15727
In the meanwhile, my nginx config is blocking everything but the LAN ips :)
So that is why strangers want to send me videos/etc. on WhatsApp then !
Not that I could ever get it to install mind you!
Jeff Bezos' cell phone was hacked in 2018 after he received a malicious WhatsApp message from the crown prince of Saudi Arabia, months before the National Enquirer exposed his affair, it has been claimed.
The Amazon billionaire received a video file containing malicious code from Mohammed Bin Salman's personal phone number, The Guardian reported on Tuesday.
According to forensic examination of the phone afterwards, the message was sent on May 1, 2018. Within hours, a large amount of data from Bezos' phone was extracted. There is no detail of what kind of data was taken.
However, there does not appear to be any reports of the vulnerability being actively exploited in the wild.
Apart from the one above maybe..
So, be careful out there !7
just found out a vulnerability in the website of the 3rd best high school in my country.
TL;DR: they had burried in some folders a c99 shell.
i am a begginer html/sql/php guy and really was looking into learning a bit here and there about them because i really like problem solving and found out ctfs mainly focus on this part of programming. i am a c++ programmer which does school contest like programming problems and i really enjoy them.
now back on topic.
with this urge to learn more web programming i said to myself what other method to learn better than real life sites! so i did just that. i first checked my school site. right click. inspect element. it seemed the site was made with wordpress. after looking more into the html code for the site i concluded all the images and files i could see on the site were from a folder on the server named 'wp-content/uploads'. i checked the folder. and here it got interesting. i did a get request on the site. saw the details. then i checked the site. bingo! there are 3 folders named '2017', '2018', '2019'. i said to myself: 'i am god.'
i could literally see all the announcements they have made from 2017-2019. and they were organised by month!!! my curiosity to see everything got me to the final destination.
with this adrenaline i thought about another site. in my city i have the 3rd most acclaimed high school in the country. what about checking their security?
so i typed the web address. looked around. again, right click, inspect element and looked around the source code. this time i was more lucky. this site is handmade!!! i was soooo happy because with my school's site i was restricted with what they have made with wordpress and i don't have much experience with it.
amd so i began looking what request the site made for the logos and other links. it seemed all the other links on the site were with this format: www.site.com/index.php?home. and i was very confused and still am. is this referencing some part of the site in the index.php file? is the whole site written inside the index.php file and with the question mark you just get to a part of the site? i don't really get it.
so nothing interesting inside the networking tab, just some stylesheets for the site's design i guess. i switched to the debugger tab and holy moly!! yes, it had that tree structure. very familiar. just like a project inside codeblocks or something familiar with it. and then it clicked me. there was the index.php file! and there was another folder from which i've seen nothing from the network tab. i finally got a lead!! i returned in the network tab, did a request to see the spgm folder and boooom a site appeared and i saw some files and folders from 2016. there was a spgm.js file and a spgm.php file. there was a contrib, flavors, gal and lang folders. then it once again clicked me! the lang folder was las updated this year in february. so i checked the folder and there were some files named lang with the extension named after their language and these files were last updated in 2016 so i left them alone. but there was this little snitch, this little 650K file named after the name of the school's site with the extension '.php' aaaaand it was last modified this year!!!! i was so excited! i thought i found a secret and different design of the site or something completely else! i clicked it and at first i was scared there was this black/red theme going on my screen and something was a little odd. there were no school announcements or event, nononoooo. this was still a tree structured view. at the top of the site it's written '!c99Shell v. 1.0...'
this was a big nono. i saw i could acces all kinds of folders. then i switched to the normal school website and tried to access a folder i have seen named userfiles and got a 403 forbidden error. wopsie. i then switched to the c99 shell website and tried to access the userfiles folder and my boy showed all of its contents. it was nakeeed naked. like very naked. and in the userfiles folder there were all, but i mean ALL files and folders they have on the server. there were a file with the salary of each job available in the school. some announcements. there was a list with all the students which failed classes. there were folders for contests they held. it was an absolute mess and i couldn't believe it.
i stopped and looked at the monitor. what have i done? just to learn some web programming i just leaked the server of the 3rd most famous high school in my country. image a black hat which would have seriously caused more damage. currently i am writing an email to the school to updrage their security because it is reaaaaly bad.
and the journy didn't end here. i 'hacked' the site 2 days ago and just now i thought about writing an email to the school. after i found i could access the WHOLE server i searched for the real attacker so if you want to knkw how this one went let me know in the comments.
sorry for the long post, but couldn't held it anymore12
Not a good year for Intel, is it? First the two Spectre variants and Meltdown, now the AMT vulnerability.
/Hugs his AMD systems while unplugging the Intel ones.7
our website got hacked somebody downloaded the whole source code and sent an email to us.
seems like that person would demand ransom or anything.
We still can't find where is the door ( vulnerability ) through which he pulled all files.17
Me currently in my 3rd year of university: hears about blockchain from my friends, reads 5 pages of ethereum white paper; sees a cool machine learning project, watches 2 weeks of Andrew Ng's course; plays a cool game, downloads Unity and makes a hello world game; hears about wifi vulnerability, purchases an ethical hacking course.
Number of things mastered: 05
The first time i've scripted something and found a vulnerability on a production web application was one of the best moment i've ever had, never been so excited!
(mmh, maybe i need to switch to security :D)
Hey fellow devRanters,
I'm sure some of you have read about the newest vulnerabilities in Intels Management Engine (ME). I feel like ME and similar "features" are unacceptable backdoors into our systems. Unfortunately Intel and AMD do not offer their customers the option to acquire CPUs that lack these backdoors and make disabling them rather impossible 😒
Thus my question: Do you guys know of any 64-bit "open-source" CPU on the market that is production-ready and suitable for high-traffic web applications? Please note that I don't consider FPGAs to be viable options, since I don't trust Xilinx and Altera either.15
Everybody when a forced update is released: "I hate forced updates!! They can't force me to do shit!!"
Everybody when a massive ransomware attack happens: "You should've updated when the update came out, so you aren't vulnerable!"
If they made the fix for the WannaCry vulnerability forced, the attack wouldn't have been as big as it was.
Confession: I wish they made more forced updates :/
Also, I'll probably get a lot of hate about this...3
Description: A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.
NSO group even sell a spyware application based on that vulnerability to governments.
Listen!!!!! I'm going to the toilet with my phone!!! Listen!!!3
Why does the point of sale machine open the cash drawer for a credit card sale ? Seems like a vulnerability to me.2
Windows 10 is safe they said. Signature/https can be trusted they said.
When even NSA disclose "hacks" you know it's too big
I once had a manager who demanded I physically print all of the Kanban cards and tape them to the office whiteboard. I was told to move the cards across the board after they were moved in TFS. I still had to keep up with my other duties in the QA department too!
Despite that, I still stayed on board with the company (the pay was good, and the work was simple.) As a QA teeter, I uncovered a rather nasty security vulnerability that would have put all of our customers data at reach to anybody. I advised my manager, and was told - just ignore it and ship the code please. I refused.
I was threatened with being fired, verbally assaulted, and challenged at the most trivial ways in everything I did after that.
Jokes on him now. I work from home in my dream job, doing what I love, with a manager who actually gives a rats ass about my concerns.
Moral of the story here - you don't have to agree with your subordinates , but you do need to validate their concerns.4
Y'all might wanna update your Win7, Win8 amd Win Server 2008.
RDP RCE with a CVSS pf 9.8.
Trustico CEO emailed private key which is used to sign TLS certificates, making more than 23k certificates compromised!
This makes me think, that we should not trust others for our security (like ca), failure of CA can put our website at risk. What is the better way to do it?
Today I found a vulnerability in an local agency website. It's one of the famous and biggest that if I would applied they wouldn't even look at my cv. Long story short, I managed to login to their admin dashboard and sent a screenshot of it as a twitter mention to them. All they did was to like the tweet while I had the chance to fuck up the website.6
I just remembered that 2 years ago I found an open-redirect vulnerability in one of Google's old pages.
I decided to not submit it to Google because it's too much effort (even though I knew they pay for these things) and told about it to a friend who deals with these things.
I was SO. DAMN. STUPID.1
Well for starters the website that gave you assignments on security of web applications shouldn't have an SQL injection vulnerability on the login page.
Next would be the method of teaching, they would skip what not to do and go straight to what you should do. This in turn causes people to use the exec command in php that actually takes a POST parameter.
And stop allowing teachers to be lazy fucks that don't explain shit and only give you assignments.
And finally when telling the teacher that a method he uses would cause another vulnerability the teacher should properly fix this issue not say it is for an "advanced course".
Yes I am pissed
Our ISP, that also offers us Television is smart, very smart... “One option is to provide an anonymous mailbox (eg. Gmail, Hotmail”
Wtf... Gmail != anonymous.
I was about to report a vulnerability I found in their system, with that I could access the whole digibox, recover recordings, copy the on demand things, and watch films.2
WTF kind of bullshit software is sonar.
I can't deploy my application because sonar is telling me that there is a vulnerability. So I look at it. IT'S A FUCKING DEV DEPENDENCY. Are you fucking serious sonar? I can't deploy because a dev dependency has a vulnerability that allows DOS attacks. What the fuck do you think will happen?! I'm going to DOS my own fucking application whilst coding or what? Who the fuck would even care?!
I fucking hate our Pipeline, all the tools behind it operate like shit. the only thing positive about it, is that I am able to deploy applications myself without having to call someone and wait a week. Because putting a file in a directory is hard ._.3
WordPress File Delete to Code Execution
The vulnerability was reported 7 months ago to the WordPress security team but still remains unpatched.
If you discovered a vulnerability affecting multiple of the big dogs, would file a cve and report it immediately or have some *fun* first?
USB ports are such a vulnerability.
Using a device as cheap as a Teensy you can easily execute whatever malicious software you'd like on a person's computer.4
If only NPM' security team (so pretty much NSP's) would inform the package owners as soon as they discover vulnerabilities and give them the standard 30-90 days to fix them and release a new version before going public, instead of straight out publishing the security audits which generates noise on the terminal (obviously when using npm) and on Github
The company I work in recently made a subdomain where you need to figure out how to hack the page using a vulnerability they subtly put there. If u are successful u get an interview. I looked it over for fun and was able to do it. But since i already work there i was thinking of telling a friend id love to join us but was rejected a month ago when they interviewed him about how i did it so he can apply maybe they give him another chance. do you think I should do that?
Note that i referred him last month and hes a fresh grad with not much experience4
I've always considered myself a stalwart proponent of strong, effective security. But I'll be damned if my company's security policy isn't choking it's developers out.
It's like whenever a developer requirement and potential security vulnerability meet, the company doubles down on the security side, ignores their dev's needs entirely, and then takes a privilege away just to punish us for having the audacity to try and do our God damn jobs.6
Everybody saw this coming! A privacy breaching telegram vulnerability!
Gaining root in Macs by not using a password, a vulnerability in HomeKit devices allowing unauthorized remote access.
Next you tell me FaceID isn't as secure as you want me to believe.
When the pen testers find a "vulnerability" and say it would be very difficult for someone to exploit it. Yeah, in that case they might as well say if you solve p vs np you can break it but it would be very difficult.
How to discover and exploit vulnerabiliy in program or IoT firmware?C++, asm, writing zero-days, i have always been amazed by that. Art.
I want to know if there is possibility to find a vulnerability on a .jar file.
I tried to install Kali on VM (for now) and tried to use metasploit but I found that it attacks the inter system on a indicated ip address.
There are many application or video (and so on) for my problem?
This .jar file is an application and I want to do pentesting...
Sorry for my poor english but it isn't my native language.
I'm new in pentesting wolrd 🤣8
iOS 11 have a vulnerability allowing attacker to bypass your lock screen and brick your phone via prepared “dev profile”. Do not download any utrusted stuff untill official fix ;)7
Target #1 - Aim to further develop my university security project (A python based vulnerability scanner), and move this over to GitHub.
Target #2 - Aim for reaching ten contributions on open source projects and start building up my developer profile pre-graduation in September!
For one of my exams, from a couple of meager code snippets and hints, without any prior domain knowledge, we had to find and carefully describe a vulnerability, as well as suggest a fix.
Well, I wouldn't complain, but what the actual fuck, it turns out that we had to come up with and "carefully describe" this whole shit: https://googleprojectzero.blogspot.co.uk/...
No, we did not study it in class, nor have seen it before in the recommended reading or provided links. Also, according to the point distribution, we only had 20 minutes for this part.
I don't usually complain about stuff and take it my lack of preparation or something, but fuck all now. I never want to look at another security-related piece of code ever again.
Since I started my routine of checking bug logs every morning, I've had 2 instances where a website vulnerability scanner was run against a production website and generated over 2,000 Coldfusion errors.
At the time, I was super nervous about the apparent hack attempt, and hyped that the attackers never actually got in. It's nice to know that despite the various errors indicating vulnerable / breakable code, they were ultimately unsuccessful. I know now that a determined attacker could probably have wrecked our production websites. Since then I've made a ton of security-related updates and I'm actually thankful for the script kiddie getting my attention with that scan.
PS. We're now building a website for a local security company who is going to work with us to pen test the site when it's finished! Gulp.4
So I discovered a Microsoft Exchange vulnerability due to settings at company well doing a project. Would you classify it resume worthy for a software developer?
I signed up to a website, and my password contained & symbol, got an error that password cannot contain that symbol, I thought we are way beyond vulnerability of SQL injection?
Or that symbol can be used for some other attacks?5
I recently recommended that we fix a gap in the current CSRF implementation.
I’m asked by a fucking business guy that if we haven’t seen an issue till now, why is this a priority?
Should I demo the vulnerability? Why can’t they fucking trust the people that they hire? It’s not like I wanna do it for some selfish motive.
Two security researchers have published details about a vulnerability in the Windows Printing Service which impacts all Windows versions.
According to a Report of ZDNet : The vulnerability codenamed 'PrintDemon' which is located in Windows Print Spooler (Windows component responsible for managing print operations). The service sends data to be printed to a USB port for physically connected printers. In a report published, security researchers Alex Ionescu & Yarden Shafir said they found a bug in this old component that can be abused to hijack the Printer Spooler internal mechanism. The bug can not be used to break into a Windows client remotely over the internet, so it's not something that could be exploited to hack Windows systems over the internet.5
Hey ... Is it possible to figure out the clients path (f.e. C:\Users\...) to a file he uploaded to a website on the server side?
My boss thinks it could be done and wants me to programm it. But I think we'd need a zero day vulnerability in a specific (and probably very old) browser to do something like that... That would be a huge security issue...
What do you think?13
I attempted on national competition in an IT field, where there were tens of great projects (in other fields as well, like chemistry and so..). We had to push everything to their portal, so they can study it in advance. While pushing the docs, I found that there were SQL injections that allowed me to list everyone's rating and to download every single doc / additional sources.
Worst part is, that even after I reported vulnerability, they obviously didn't had time to fix it.
Me: Why do we do this this time consuming, low value thing?
My tech lead: Because if we don't, a box becomes red on some executive report.
Me: Why is this deadline so important? It's not customer facing or any kind of critical bug/vulnerability?
My tech lead: Because it was a company wide mandate, and we'll show up on some executive report if we're late.
Me: *angry dev noises*
They must dole out lashings to the tech leads and the directors any time we fail to meet some completely arbitrary demand. The act like the world is going to end any time we get too close to a deadline 🤦♂️
Makes no sense that they then turn around and worship the ground senior leadership walks on. I wonder if it's some weird form of stockholm syndrome.5
Finally I finished the exams, now I have to write my thesis. An agency who wants remain anonymous at the moment told my supervisor to choose a student who will works out on the ransomware argument. The relator was a little bit scared about consequences but I'm pressing to write a controlled ransomware in a closed network brtween virtual machines. What qualities a good ransomware should has?
Mutable structure to avoid antivirus detection? Good exploits and vulnerability scanners to make itself viral? The payload should stay in the code or should be downloaded from a server? I need some reference on analysis of vx codes, any help?
Great feeling when the pen testers couldn't find the "unfixable" vulnerability your new feature created, and you go on holiday soon.
Tried out the node.js code demo in this book.
Terrible format, use tab for indentation, very very long function, redundant code (eg: new Buffer vulnerability)...
The major issue is none of the total.js nosql code works. Eg:
Without any asynchronous call, how do you expect this to work?!
Just fixed the code and updated npm modules for demos in Chapter 3 btw... Took way longer than expected.3
I just read about the Thunderbolt port vulnerability but it seems that port is interchangeable with USB C, just faster? But basically any USBC ports are vulnerable then? Or just the rounded ones like on phones?
Normal USB 3 rectangular ports on PCs are fine?5
Just discovered someone I told about a hack for the computers in school (nothing difficult just booting from a USB) had a link to C2K the company that provides the system and told them about it and now they've patched it up, so in a way, it's my first security vulnerability report, in another way, I can no longer play games and program in free
"We'll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past. #efail 1/4"
Let's see how this unfolds. While there is chaos I trink some tea and laugh, because I never send critical information over e-mail. 🧐🍵4
Somebody forgot to correctly match the external url on login success and failure, now google may use my cookies for the better good.
Which one comes first? vulnerability or threat? 🤔🤔 I would go with vulnerability how about you guys?5
Anyone use docker in production handling monies and hundreds accounts? In Django in my case but doesnt matter the framework. More concerned with security and stability moving from paas to docker based paas. Worried I'll move everything to docker and end up moving back to vms bc of some issues or some vulnerability.
Devs and security researchers out there!!
I had a doubt regarding subdomain takeover vulnerability.
How to find where a site is hosted on heroku or AWS or heroku or more?
I was trying to write a script for it.
Any expertise will be welcomed.2
Sometimes I'll block a code submission with the words security vulnerability", then go have a 10 minute break to see if the others can spot it on their own.