hello.md (43)


1 Nameless Blooming in the Field@No Reposting (e1966H) 2023/09/04 03:30:15 ID:ayfFfnYQ

!noid

2 Nameless Blooming in the Field@No Reposting () 2023/09/04 03:31:00

No more queuing at the border: Finland tests digital passports in world first
https://www.euronews.com/travel/2023/09/03/no-more-queuing-at-the-border-finland-tests-digital-passports-in-world-first

Finnish people flying from Helsinki to the UK may now be able to show a digital ID on their phone rather than their physical passport.

3 Nameless Blooming in the Field@No Reposting () 2023/09/04 03:31:53

https://positive-intentions.com/

Going to take a look at how it's implemented.

4 Nameless Blooming in the Field@No Reposting 2023/09/04 03:32:38

That's amazing 🥺

5 Nameless Blooming in the Field@No Reposting () 2023/09/04 03:34:39

https://www.bleepingcomputer.com/news/microsoft/microsoft-reminds-users-windows-will-disable-insecure-tls-soon/

"Windows 11 Insider Preview builds starting in September 2023 will have TLS versions 1.0 and 1.1 disabled by default. There is an option to re-enable TLS 1.0 or TLS 1.1 for users who need to maintain compatibility."

6 Nameless Blooming in the Field@No Reposting () 2023/09/04 03:35:33

>>5
Isn't it the case that the GFW can't let TLS 1.3 through? 😐

7 Nameless Blooming in the Field@No Reposting () 2023/09/04 03:37:54

PoC Exploit Released for Critical VMware Aria's SSH Auth Bypass Vulnerability
https://thehackernews.com/2023/09/poc-exploit-released-for-critical.html

Proof-of-concept (PoC) exploit code has been made available for a recently disclosed and patched critical flaw impacting VMware Aria Operations for Networks (formerly vRealize Network Insight).

The flaw, tracked as CVE-2023-34039, is rated 9.8 out of a maximum of 10 for severity and has been described as a case of authentication bypass due to a lack of unique cryptographic key generation.

8 Nameless Blooming in the Field@No Reposting () 2023/09/04 03:41:12

https://thehackernews.com/2023/08/lockbit-30-ransomware-builder-leak.html

The leak of the LockBit 3.0 ransomware builder last year has led to threat actors abusing the tool to spawn new variants.

9 Nameless Blooming in the Field@No Reposting () 2023/09/04 03:43:27

>>8
Quick Overview of Leaked LockBit 3.0 (Black) builder program

https://medium.com/s2wblog/quick-overview-of-leaked-lockbit-3-0-black-builder-program-880ae511d085

I wonder if it can still be obtained on the clearnet even now.
I do have a copy, just in case, though.

10 Nameless Blooming in the Field@No Reposting () 2023/09/04 03:45:39

🤔

Senator Admits "Kids Online Safety Act" Will Target Trans Content Online
https://www.erininthemorning.com/p/senator-admits-kids-online-safety

11 Nameless Blooming in the Field@No Reposting () 2023/09/04 03:47:21

Topton soft router is a mini PC with up to 8 high-speed Ethernet ports

https://liliputing.com/topton-soft-router-is-a-mini-pc-with-up-to-8-high-speed-ethernet-ports/

Or if you’re willing to trade a few ports for even higher speeds, you can opt for a model with four 2.5 GbE Ethernet ports and two 10 GbE SFP cages. The new Topton Soft Router is available with 8th-gen or 10th-gen Intel Core processor options, and it’s available now from AliExpress for $338 and up.

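12 Nameless Blooming in the Field@No Reposting () 2023/09/04 03:49:38

>>11
It's quietly nice, isn't it.
The ones with 10G SFP+ support that come to mind are the BPI-R4 and the CRS305-1G-4S+IN, but the former is short on memory and the latter is a switch to begin with.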

13 Nameless Blooming in the Field@No Reposting 2023/09/04 03:49:56

As always, where are you getting these from?
Is there some community exchanging information on Session or Telegram?

14 Nameless Blooming in the Field@No Reposting () 2023/09/04 03:56:29

>>13
I'm just reading overseas articles.

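15 Nameless Blooming in the Field@No Reposting () 2023/09/04 03:58:59

>>12
Leaving aside that garbage standard called E-PON, with 10G SFP+ rather than X-PON you could import one cheaply and rewrite the EEPROM 🙄
Or maybe service unsupported-transceiver would do it.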

16 Nameless Blooming in the Field@No Reposting () 2023/09/04 04:00:13

👀
An anonymous SMS sending tool with a WebGUI
https://github.com/ibnaleem/FreeSMS

17 Nameless Blooming in the Field@No Reposting () 2023/09/04 04:02:26

👀
An open-source intelligence (OSINT) analysis tool leveraging GPT-powered embeddings and vector search engines for efficient data processing
https://github.com/estebanpdl/osintgpt

18 Nameless Blooming in the Field@No Reposting () 2023/09/04 04:09:19

The endless battle to banish the world’s most notorious stalker website
https://www.washingtonpost.com/technology/2023/09/03/kiwifarms-website-offline/

It's about Kiwi Farms.

19 Nameless Blooming in the Field@No Reposting () 2023/09/04 04:10:29

Security News This Week: 2 Polish Men Arrested for Radio Hack That Disrupted Trains
https://www.wired.com/story/poland-train-radio-attack-security-roundup/

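20 Nameless Blooming in the Field@No Reposting () 2023/09/04 04:12:00

Not that it matters, but war driving aside, I still haven't heard anything about the attacks on tactical networks early in the invasion of Ukraine. Where can I find that?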

21 Nameless Blooming in the Field@No Reposting () 2023/09/04 04:14:26

Govts. Must ‘Encourage or Compel’ Internet Companies to Fight Piracy

https://torrentfreak.com/govts-must-encourage-or-compel-internet-companies-to-fight-piracy-230831/

In advance of a roundtable scheduled for October 3, submissions from rightsholders and their representatives have called for pirate site blocking in the United States and amendments to the DMCA that would allow for instant blocking of pirate streams.

22 Nameless Blooming in the Field@No Reposting 2023/09/04 06:45:57

You're only posting news, but in this country that's slightly dodgy, so I wonder if you'll be OK, OP...

23 Nameless Blooming in the Field@No Reposting 2023/09/04 12:37:54

So you came over here, huh.

24 Nameless Blooming in the Field@No Reposting 2023/09/04 17:02:03

>>46
Is this also a club that's at 防U?

25 Nameless Blooming in the Field@No Reposting 2023/09/04 22:49:29

Mystery, as usual.

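26 Nameless Blooming in the Field@No Reposting 2023/09/04 22:56:07

With the thread-owner display, OP's posts are plainly visible, so was there any point in making this a no-ID thread?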

27 Nameless Blooming in the Field@No Reposting () 2023/09/05 00:46:43

Private Zoom Alternative Jitsi Meet Abandons Anonymity Promise
https://reclaimthenet.org/private-zoom-alternative-jitsi-meet-abandons-anonymity-promise

This safe haven for privacy enthusiasts now requires Gmail, Facebook, or GitHub accounts to create a meeting room on its platform, a move that has ignited debates about its commitment to solid privacy and security norms.

28 Nameless Blooming in the Field@No Reposting () 2023/09/05 00:47:22

>>26
I only did it so I can post casually in other threads, so it's not a problem.

29 Nameless Blooming in the Field@No Reposting () 2023/09/05 00:51:40

Maker of ‘smart’ chastity cage left users’ emails, passwords, and locations exposed
https://techcrunch.com/2023/09/02/smart-chastity-cage-emails-passwords-location/

We-Vibe🤭

30 Nameless Blooming in the Field@No Reposting () 2023/09/05 00:57:45

Vietnamese Cybercriminals Targeting Facebook Business Accounts with Malvertising
https://thehackernews.com/2023/09/vietnamese-cybercriminals-targeting.html

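31 Nameless Blooming in the Field@No Reposting () 2023/09/05 01:12:00

>>30
When I look into these things, I keep running into Southeast Asian groups I can't quite figure out, while wondering if they might be Chinese-affiliated.
The ones that were doing finish-unv22.php.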

BulletProftLink - A phishing service from Malaysia (Part 1)
https://osint.fans/bulletproftlink-phishing-service-p1

32 Nameless Blooming in the Field@No Reposting () 2023/09/05 01:13:00

>>31
Trellix Insights: Analyzing a large-scale Phishing-as-a-Service operation
https://kcm.trellix.com/corporate/index?page=content&id=KB95190

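33 Nameless Blooming in the Field@No Reposting () 2023/09/05 01:16:25

The sites the priest was writing about back in the 3G days also look like that sort of thing when you look into them, and I think they were probably taken down in the recent operation led by Europol 😗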

34 Nameless Blooming in the Field@No Reposting () 2023/09/05 01:17:36

Hackers Exploit MinIO Storage System Vulnerabilities to Compromise Servers
https://thehackernews.com/2023/09/hackers-exploit-minio-storage-system.html

Cybersecurity and incident response firm Security Joes said the intrusion leveraged a publicly available exploit chain to backdoor the MinIO instance.

The chain comprises CVE-2023-28432 (CVSS score: 7.5) and CVE-2023-28434 (CVSS score: 8.8), the former of which was added to the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities (KEV) catalog on April 21, 2023.

35 Nameless Blooming in the Field@No Reposting () 2023/09/05 01:19:48

Connection coalescing with ORIGIN Frames: fewer DNS queries, fewer connections
https://blog.cloudflare.com/connection-coalescing-with-origin-frames-fewer-dns-queries-fewer-connections/

The ORIGIN Frame is an extension to the HTTP/2 and HTTP/3 specification, a special Frame sent on stream 0 or the control stream of the connection respectively. The Frame allows the servers to send an ‘origin-set’ to the clients on an existing established TLS connection, which includes hostnames that it is authorized for and will not incur any HTTP 421 errors. Hostnames in the origin-set MUST also appear in the certificate SAN list for the server, even if those hostnames are announced on different IP addresses via DNS.

Specifically, two different steps are required:

36 Nameless Blooming in the Field@No Reposting () 2023/09/05 01:20:47

Specifically, two different steps are required:

1. Web servers must send a list enumerating the Origin Set (the hostnames that a given connection might be used for) in the ORIGIN Frame extension.
2. The TLS certificate returned by the web server must cover the additional hostnames being returned in the ORIGIN Frame in the DNS names SAN entries.

At a high-level ORIGIN Frames are a supplement to the TLS certificate that operators can attach to say, “Psst! Hey, client, here are the names in the SANs that are available on this connection -- you can coalesce!” Since the ORIGIN Frame is not part of the certificate itself, its contents can be made to change independently. No new certificate is required. There is also no dependency on IP addresses. For a coalesceable hostname, existing TCP/QUIC+TLS connections can be reused without requiring new connections or DNS queries.
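
The two conditions quoted above, as an added example (not from the Cloudflare post or from any poster in this thread): it decodes an ORIGIN frame payload in the RFC 8336 Origin-Entry layout (16-bit length, then the ASCII origin) and keeps only hostnames that the certificate's SAN list also covers. Function names and sample hostnames are made up for illustration; port handling and certificate chain validation are left out.

```python
import struct
from urllib.parse import urlsplit

def parse_origin_frame(payload: bytes) -> list[str]:
    """Decode an ORIGIN frame payload: repeated (16-bit length, ASCII origin)."""
    origins, pos = [], 0
    while pos < len(payload):
        if pos + 2 > len(payload):
            raise ValueError("truncated Origin-Len")
        (length,) = struct.unpack_from("!H", payload, pos)
        pos += 2
        if pos + length > len(payload):
            raise ValueError("Origin-Entry runs past end of frame")
        origins.append(payload[pos:pos + length].decode("ascii"))
        pos += length
    return origins

def san_matches(host: str, san: str) -> bool:
    """Exact match, or a left-most '*' label standing in for exactly one label."""
    host, san = host.lower().rstrip("."), san.lower().rstrip(".")
    if san.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == san[2:]
    return host == san

def coalescable_hosts(payload: bytes, cert_sans: list[str]) -> set[str]:
    """Hosts in the origin-set that are ALSO covered by a SAN entry."""
    allowed = set()
    for origin in parse_origin_frame(payload):
        parts = urlsplit(origin)
        if parts.scheme != "https" or not parts.hostname:
            continue  # assumption: only https origins are considered
        if any(san_matches(parts.hostname, san) for san in cert_sans):
            allowed.add(parts.hostname)
    return allowed

def encode_origin_set(origins: list[str]) -> bytes:
    """Build a payload for the constructed sample below."""
    return b"".join(struct.pack("!H", len(o)) + o.encode("ascii") for o in origins)

# Constructed sample: three advertised origins, certificate covers only two.
SAMPLE_PAYLOAD = encode_origin_set(["https://www.example.com",
                                    "https://cdn.example.com",
                                    "https://other.example.net"])
SAMPLE_SANS = ["www.example.com", "*.example.com"]

if __name__ == "__main__":
    print(sorted(coalescable_hosts(SAMPLE_PAYLOAD, SAMPLE_SANS)))
```

A hostname that is advertised in the frame but missing from the SAN list is dropped, so the frame alone never widens what the certificate authorizes.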

37 Nameless Blooming in the Field@No Reposting () 2023/09/05 01:22:57

I Had a Helicopter Mom. I Found Pornhub Anyway.
https://www.thefp.com/p/why-are-our-fourth-graders-on-pornhub

A bizarre screed that's well worth reading.

38 Nameless Blooming in the Field@No Reposting () 2023/09/05 01:35:34

API Abuse – Lessons from the Duolingo Data Scraping Attack
https://securityboulevard.com/2023/08/api-abuse-lessons-from-the-duolingo-data-scraping-attack/

It’s been reported that 2.6 million user records sourced from the Duolingo app are for sale. The attacker apparently obtained them from an open API provided by the company. There’s a more technical explanation available here.

While we talk a lot about the vulnerabilities in the OWASP API Top-10 and the exploits associated with those vulnerabilities, this incident provides a good reminder that not all vulnerabilities are flaws in code. In fact, this API was working as designed. The OWASP API Top 10 accounts for these kinds of attacks as API6:2023 Unrestricted Access to Business Flows.

39 Nameless Blooming in the Field@No Reposting () 2023/09/05 01:37:24

>>38
"API6:2023 Unrestricted Access to Business Flows."

40 Nameless Blooming in the Field@No Reposting () 2023/09/05 02:02:05

CVE-2023-4613
https://www.cve.org/CVERecord?id=CVE-2023-4613

This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/settings/upload endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user.

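41 Nameless Blooming in the Field@No Reposting 2023/09/05 02:04:58

Hacking IoT devices and heavily modding them is the stuff of dreams.
That said, most of the actual use seems to be DDoS and the like.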

42 Nameless Blooming in the Field@No Reposting () 2023/09/05 02:33:56

>>41
Because this kind of thing assumes local connections, the security is far too lax 😐

43 Nameless Blooming in the Field@No Reposting () 2023/09/05 11:34:46

I'm tired of BGP.