2 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 01:52:53.658
Google, Cloudflare, and AWS Disclose Largest DDoS Attack in History
https://www.hackread.com/google-cloudflare-aws-largest-ddos-attack/
Google, Cloudflare, and AWS Disclosed Digital History’s Largest Ever DDoS Attack - Courtesy HTTP/2 Zero-day
3 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 01:53:19.969
Dubbed HTTP/2 Rapid Reset, the vulnerability lets attackers send specially designed HTTP/2 requests to their target server and trigger a large-scale response. They can further amplify this response by sending the same request to as many vulnerable IoT devices and misconfigured servers as they want. The vulnerability is tracked as CVE-2023-44487 and has been assigned a CVSS score of 7.5 out of 10, rated High Severity.
4 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 01:55:16.238
Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication
https://thehackernews.com/2023/10/microsoft-to-phase-out-ntlm-in-favor-of.html
Microsoft has announced that it plans to eliminate NT LAN Manager (NTLM) in Windows 11 in the future, as it pivots to alternative methods for authentication and bolster security.
5 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 01:57:45.664
On macOS, Kerberos takes the form of a compatible protocol named Heimdal, which reminds me of good old hacker culture and jargon.
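6 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 02:01:12.265
A lot has happened in the past month or so, like the curl thing.
But the biggest one is probably CISA's Known Exploited Vulnerabilities Catalog.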
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
8 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 02:06:49.304
D-Link WiFi range extender vulnerable to command injection attacks
https://www.bleepingcomputer.com/news/security/d-link-wifi-range-extender-vulnerable-to-command-injection-attacks/
9 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 02:07:18.797
Cisco urges admins to fix IOS software zero-day exploited in attacks
https://www.bleepingcomputer.com/news/security/cisco-urges-admins-to-fix-ios-software-zero-day-exploited-in-attacks/
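10 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 02:07:24.776
A mysterious recurring post
11 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 02:08:54.336
I wonder if they work as a security engineer or something 🤔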
12 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 02:08:56.645
US and Japan warn of Chinese hackers backdooring Cisco routers
https://www.bleepingcomputer.com/news/security/us-and-japan-warn-of-chinese-hackers-backdooring-cisco-routers/
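13 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 02:11:56.110
That said, setting aside the shady domestic VPSes and ASes, judging from the trolls on 5ch threads with IP display enabled, they tend to use old YAMAHA units and old CE devices as stepping stones.
14 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 02:13:11.550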
Thousands of Juniper devices vulnerable to unauthenticated RCE flaw
https://www.bleepingcomputer.com/news/security/thousands-of-juniper-devices-vulnerable-to-unauthenticated-rce-flaw/
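15 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 02:14:08.729
It's fun that when you run tracert, you can tell from the if (interface) names that the traffic is going through JUNOS.
16 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 02:16:39.019
The curl thing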
Two High-Risk Security Flaws Discovered in Curl Library - New Patches Released
https://thehackernews.com/2023/10/two-high-risk-security-flaws-discovered.html
17 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 07:11:14.884
NPM Typosquatting Attack Deploys r77 Rootkit via Legitimate Package
https://www.hackread.com/npm-typosquatting-attack-deliver-r77-rootkit/
18 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 07:12:51.494
FortiGuard Labs Uncovers Series of Malicious NPM Packages Stealing Data
https://www.hackread.com/fortiguard-labs-malicious-npm-packages-steal-data/
19 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 07:14:31.193
New Magecart Attack Uses 404 Errors to Steal Your Card Data
https://www.hackread.com/magecart-attack-404-errors-steal-card-data/
1. Akamai has discovered a new Magecart campaign in which scammers manipulate the default 404 error messages to inject malicious code.
2. The malicious code is injected as bogus Meta Pixel code or an inline script.
This is pretty well thought out.
20 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 07:19:42.680
[PR]
Wing Disrupts the Market by Introducing Affordable SaaS Security
https://thehackernews.com/2023/10/wing-disrupts-market-by-introducing.html
Today, mid-sized companies and their CISOs are struggling to handle the growing threat of SaaS security with limited manpower and tight budgets. Now, this may be changing. By focusing on the critical SaaS security needs of these companies, a new approach has emerged that can be launched for $1,500 a year.
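21 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 07:21:28.182
That's right; realistically, security costs too much relative to the risk, both before and after the fact.
On the other hand, the government and industry associations unilaterally tell you to do it.
22 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 07:24:10.881
But then, those guidelines themselves are sometimes anachronistic in content even though their publication date is recent, and since the government-led WGs ask for comments, you need to point that out to them; and if it's an industry association that doesn't know the subject well, you end up in a back-and-forth argument.
23 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 07:25:57.236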
The Anti-AntiAdblocker uBlock Origin filter to get rid of the annoying YouTube message. It turns off the JavaScript anti-adblock payload:
https://files.enderman.ch/scripts/yt-antiadblocker.txt
24 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 07:29:37.257
Universal Acceptance Issues with .TUBE, ASCII and IDN Domains
https://circleid.com/posts/20231014-universal-acceptance-issues-with-.tube-ascii-and-idn-domains
In 2022, we developed a specialized short link creator for videos under the .TUBE TLD, to provide added value for our clients. However, we encountered a very significant problem. When .TUBE URLs were sent via WhatsApp, they were not linkifying. This issue persisted despite the TLD being delegated by ICANN almost eight years ago.
25 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 07:30:12.818
Moreover, many serious issues still persist with many other platforms. For example, Apple simply does not appear to linkify any nTLD except for .XYZ and .ONLINE, and even for those, the linkification is dependent upon the version of WhatsApp being used. Apple ought to be encouraged by ICANN to update the list of TLDs that they recognize in Apple applications, and to regularly update that list in the future. We also know that X (fka Twitter) is not linkifying .KIDS nor .MUSIC gTLDs delegated in 2021. We are researching whether Microsoft has similar issues, but all of these efforts are draining our corporate executive time and resources, to do a job that should have been done by ICANN years ago. We have collected evidence and reference materials for ICANN and the community’s consideration and posted them on our drive. Despite its knowledge of this linkification problem, and despite the significant ICANN resources already allocated to deal with so-called “Universal Acceptance,” almost a decade into the new TLD program, the two operating systems used by 98% of all the telephones in the world are not fully UA compliant.
26 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 07:31:53.517
😙
test.天主教
https://icannwiki.org/.天主教
27 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 07:33:40.401
Pirate Sites Exploit ‘Interplanetary File System’ Gateways, Publishers Warn
https://torrentfreak.com/pirate-sites-exploit-interplanetary-file-system-gateways-publishers-warn-231013/
The InterPlanetary File System, more broadly known as IPFS, has been around for the past eight years.
While the name may sound otherworldly to the public at large, the peer-to-peer file storage network has a growing user base among the tech-savvy.
In short, IPFS is a decentralized network where users make files available to each other. The system makes websites censorship resistant and not vulnerable to regular hosting outages.
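28 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 07:35:24.402
They're rolling out the same argument as in the torrent days, but isn't the reason the music industry stopped being so oversensitive that it created subscriptions, a business model that can compete?
29 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 07:39:31.505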
Genshin Impact: Major Private Server Dev Faces DMCA Subpoenas
https://torrentfreak.com/genshin-impact-major-private-server-dev-faces-dmca-subpoenas-231010/
30 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 07:41:05.799
Encrypted Client Hello (ECH) Effectively Defeats Pirate Site Blocking
https://torrentfreak.com/encrypted-client-hello-ech-effectively-defeats-pirate-site-blocking-231006/
The actual blocking is done by Internet providers, often following a court order. These measures can range from simple DNS blocks to more elaborate schemes involving Server Name Indication (SNI) eavesdropping, or a combination of both.
Thus far, the more thorough blocking efforts have worked relatively well. However, as privacy concerns grew, new interfering technologies have emerged. Encrypted DNS and SNI, for example, made blocking efforts much harder, although not impossible.
The GFW, maybe?
31 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 07:42:53.404
Russia Prepares RuStore VPN Ban After Declaring RuStore Installation Mandatory
https://torrentfreak.com/russia-prepares-rustore-vpn-ban-after-declaring-rustore-installation-mandatory-231004/
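Whether or not it ends up being sideloading aside, I recall that at some stage of a legal amendment Russia made the distribution of "new VPN clients" itself illegal.
32 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 07:47:55.666
Thread for discussing the future operating policy of エッヂ (Edge)
https://git.3chan.cc/edginer/eddiner/issues/42
Why not just do negative/positive classification with a polarity dictionary?
You could build a score into the Ninpocho (忍法帖), like faxcnt or reddit's karma.
33 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 07:52:28.117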
The SUN👈🤭
UP IN THE SKY US warns Starlink satellites will start killing people and reveals chance of hitting a human will soon be 61% each year
https://www.the-sun.com/tech/9321207/us-warning-starlink-satellites-kill-people/
THE Federal Aviation Administration has spoken out on the dangers of Starlink satellites potentially injuring humans on Earth.
By 2035, debris from low-earth orbit (LEO) objects, like Starlink satellites, could fall and injure or kill someone, the FAA said in a report to Congress.
35 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 07:59:40.415
Comcast starts squeezing 2 Gbps symmetrical internet speeds through decades-old coaxial cables
https://www.engadget.com/comcast-starts-squeezing-2-gbps-symmetrical-internet-speeds-through-decades-old-coaxial-cables-143657830.html
Comcast is upgrading its residential cable internet service to offer upload and download speeds of up to 2 Gbps through decades-old coaxial cables.
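36 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 08:01:51.784
>>35
"residential cable internet service"
That's so America. It's surprising that T1 lines still exist in that country.
Though that's probably why they were able to invest in LEO.
37 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 08:04:13.515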
Across U.S., Chinese Bitcoin Mines Draw National Security Scrutiny
https://www.nytimes.com/2023/10/13/us/bitcoin-mines-china-united-states.html
Microsoft reported one site in Wyoming because of its proximity to a data center and nuclear missile base. Records show other cryptocurrency facilities have ties to the Chinese state.
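38 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 08:07:22.219
Same goes for talk, but setting up a paper LLC in Hawaii is cheap and easy.
Then you apply for an AS, get an IP range allocated, and peer at an IX, and you can do all sorts of bad things; Chinese-affiliated groups are doing it in Japan too.
39 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 08:10:08.511
tips
An unscientific benchmark of SQLite vs the file system (btrfs)
https://golangexample.com/an-unscientific-benchmark-of-sqlite-vs-the-file-system-btrfs/
40 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 08:12:48.842
[PR]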
PROFESSIONAL EMAIL SHOULDN’T COST SO MUCH
Unlimited domains. Unlimited users. All at $1 a month.
https://mymangomail.com/
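41 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 08:53:56.047
I see, I see
Hmm, true
I get it
42 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 08:55:37.859
I see
43 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 11:14:16.939
44 Nameless Blooming in the Field@Reposting Prohibited 2023/10/15 11:20:59.449
I see
As someone at an international level, I get it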