新しいテキストドキュメント. txt (32)

!chid

CONFLICT (content)
Automatic merge failed; fix conflicts and then commit the result.

Iran-Run ISP ‘Cloudzy’ Caught Supporting Nation-State APTs, Cybercrime Hacking Groups
https://www.securityweek.com/iran-run-isp-cloudzy-caught-supporting-nation-state-apts-cybercrime-hacking-groups/

The company, identified as Cloudzy, is registered in the United States, but Halcyon believes that it is operated out of Tehran, Iran, by an individual named Hassan Nozari, likely in violation of US sanctions.

>>3
The US State Department and FBI will eventually come for their DNS. I feel bad for any of the legits who are on there who still don't know how much risk their bits are in.

https://cloudzy[.]com/buy-vps/

匿名性を売りにして制裁回避するために仮想通貨で払わすの面白い
北朝鮮もホスティングやったら需要あるんじゃない？

Cloudflare Radar's new BGP origin hijack detection system
https://blog.cloudflare.com/bgp-hijack-detection/

In order to further advocate for RPKI deployment and filtering of RPKI invalid announcements, Cloudflare has been providing a RPKI test service, Is BGP Safe Yet?, allowing users to test whether their ISP filters RPKI invalid announcements. We also provide rich information with regard to the RPKI status of individual prefixes and ASes at https://rpki.cloudflare.com/.

にほごんでたのます
曇ってることしかわからん

停電で使い物にならなそう

グローバル板に来たんか思った

Monitoring Raw X11 Communication or why Chromium opens 7 Xorg connections
https://hereket.github.io/posts/monitoring-raw-x11-communication/

Initial Benchmarks Of The Intel Downfall Mitigation Performance Impact
https://www.phoronix.com/review/intel-downfall-benchmarks

ちょっと気になる

https://veilid.com/defcon/talk/

The framework is conceptually similar to IPFS and Tor, but faster and designed from the ground-up to provide all services over a privately routed network.

読んでるぞ

Administrator of ‘Bulletproof’ Webhosting Domain Charged in Connection with Facilitation of NetWalker Ransomware
https://www.justice.gov/opa/pr/administrator-bulletproof-webhosting-domain-charged-connection-facilitation-netwalker

LolekHosted[.]net takedownの件
justice.govってバカみたいなドメインだな、いつも

>>14
😱

Microsoft finds vulnerabilities it says could be used to shut down power plants
https://arstechnica.com/security/2023/08/microsoft-finds-vulnerabilities-it-says-could-be-used-to-shut-down-power-plants/

PLCの脆弱性の話、インフラに対する攻撃って非戦闘状態では利用されないと思うけど🤔

送電システムへのハッキングって2001年にあったのと、あと80年代頃になんかあった気がするけど詳細思い出せない

[EN] A-Z: OPNsense - Penetration Test

https://logicaltrust.net/blog/2023/08/opnsense.html

Ford says cars with WiFi vulnerability still safe to drive
https://www.bleepingcomputer.com/news/security/ford-says-cars-with-wifi-vulnerability-still-safe-to-drive/

この記事読んで思い出したけどHondaって日本でRolling Pwnの対応ちゃんとしてんのかな

>>20
flipper zeroが売れるわけだ

New Python URL Parsing Flaw Could Enable Command Execution Attacks
https://thehackernews.com/2023/08/new-python-url-parsing-flaw-enables.html

A high-severity security flaw has been disclosed in the Python URL parsing function that could be exploited to bypass domain or protocol filtering methods implemented with a blocklist, ultimately resulting in arbitrary file reads and command execution.

The flaw has been assigned the identifier CVE-2023-24329 and carries a CVSS score of 7.5. Security researcher Yebo Cao has been credited with discovering and reporting the issue in August 2022. It has been addressed in the following versions -

>= 3.12
3.11.x >= 3.11.4
3.10.x >= 3.10.12
3.9.x >= 3.9.17
3.8.x >= 3.8.17, and
3.7.x >= 3.7.17

これ影響度大きいからスレ立ててもいいかも

Teens Don’t Really Understand That the World Can See What They Do Online, but I Do
https://www.nytimes.com/2023/08/11/opinion/social-media-privacy-teenagers.html

「公共」とはなにか

だよなあ
わかるやで

The illusion of moral decline
https://www.nature.com/articles/s41586-023-06137-x

Journalism Maybe
https://shorensteincenter.org/journalism-maybe/

memo.mdニキか？

30 【経験値:3/47(LvUP必要値) あと約1160分でLvUP】 2023/08/13(日) 06:06:02.09 ID:qzjC66KT

pythonのライブラリに特権昇格の脆弱性か

>>30
Privilege EscalationつーかRCEでなんでもできそう

32 kako kako

kako
https://kako.sannan.nl