|
I see there’s a new iOS out and Apple don’t seem to have updated their security info page yet, anyone have any idea if it fixes the Pegasus thing?
|
# ? Jul 20, 2021 17:19 |
|
|
# ? Jun 9, 2024 16:05 |
|
Volmarias posted:Advanced please do not dox me in the infosec thread
|
# ? Jul 20, 2021 17:25 |
if anyone hasn't seen it yet amnesty international's writeup on pegasus is a fascinating read.
|
|
# ? Jul 20, 2021 17:39 |
|
mostly I’m just waiting for the exploit to leak to a ransomware gang
|
# ? Jul 20, 2021 17:47 |
|
Volmarias posted:Advanced writing a bot rn that searches for and runs powershell statements in a disposable vm when an authorized user mentions it
|
# ? Jul 20, 2021 17:54 |
|
enhancing PoC testing for my Twitter on the Shitter time
|
# ? Jul 20, 2021 17:55 |
|
citizenlab poke them every so often as well, always worth keeping an eye on their reports
|
# ? Jul 20, 2021 17:57 |
|
Polkit is such a trash heap and I hate that it's integral to privilege escalation. It requires MozJS which is a 20MB .so file. After 0.117 it requires MozJS > 60, which means Yocto and Buildroot can't use it. There has been a pending patch to integrate duktape support for over a year and the maintainers have been downright rude and unresponsive whenever people speak up and say "hey, what's the status of this?" Ugh. FlapYoJacks fucked around with this message at 18:05 on Jul 20, 2021 |
# ? Jul 20, 2021 18:02 |
|
Making your desktop security framework thing use js feels like taking a massive amount of piss tbh. I've written stuff for polkit and ugh
|
# ? Jul 20, 2021 20:35 |
|
Soricidus posted:I see there’s a new iOS out and Apple don’t seem to have updated their security info page yet, anyone have any idea if it fixes the Pegasus thing? if it does there's a big coverage gap in the pending release for iPadOS because it's still 14.6
|
# ? Jul 21, 2021 00:59 |
|
spankmeister posted:Microsoft is having a bad month Jesus gently caress if you’ve updated from 1809 rather that format reinstall at every feature release than you’ve likely got shadow copy user-readable backups of your SAM and SECURITY reg hives. fuuuuuuuuuuuuuuck also pr*nters continue to be gently caress https://www.zdnet.com/article/hp-patches-vulnerable-printer-driver-impacting-millions-of-devices/ quote:The driver in question, SSPORT.SYS, is automatically installed and activated, whether the model was wireless or cabled. The driver is also loaded automatically by Microsoft's Windows operating system on PC boot.
|
# ? Jul 21, 2021 02:07 |
|
quote:1/ We mkdir() a deep directory structure (roughly 1M nested directories) whose total path length exceeds 1GB, we bind-mount it in an unprivileged user namespace, and rmdir() it.
|
# ? Jul 21, 2021 03:08 |
|
security threat: ants https://i.imgur.com/9EAyU5R.mp4
|
# ? Jul 21, 2021 05:05 |
|
just playing SIM ant
|
# ? Jul 21, 2021 05:14 |
|
MononcQc posted:just playing SIM ant
|
# ? Jul 21, 2021 05:18 |
|
MononcQc posted:just playing SIM ant
|
# ? Jul 21, 2021 05:26 |
|
MononcQc posted:just playing SIM ant
|
# ? Jul 21, 2021 05:37 |
|
MononcQc posted:just playing SIM ant
|
# ? Jul 21, 2021 05:57 |
|
MononcQc posted:just playing SIM ant
|
# ? Jul 21, 2021 07:24 |
|
MononcQc posted:just playing SIM ant
|
# ? Jul 21, 2021 07:50 |
|
What in the world
|
# ? Jul 21, 2021 08:02 |
|
MononcQc posted:just playing SIM ant
|
# ? Jul 21, 2021 08:43 |
systemd is, predictably, also involved - including in but not limited to a bypass of one of the mitigations:quote:systemd monitors and parses the contents of /proc/self/mountinfo, and passes each mountpoint path to mount_setup_unit(), which passes it to unit_name_from_path(), which passes it to unit_name_path_escape(): BlankSystemDaemon fucked around with this message at 10:02 on Jul 21, 2021 |
|
# ? Jul 21, 2021 10:00 |
for (; {
|
|
# ? Jul 21, 2021 10:09 |
cinci zoo sniper posted:for (; { orz
|
|
# ? Jul 21, 2021 10:17 |
too late, it’s compiling 💪😤💯
|
|
# ? Jul 21, 2021 10:33 |
watching code compile is one of the most zen things a system operator can do
|
|
# ? Jul 21, 2021 12:20 |
|
Can confirm, Gentoo is the most zen.
|
# ? Jul 21, 2021 13:59 |
|
generating endless guru meditations is not, in fact, zen
|
# ? Jul 21, 2021 14:11 |
|
BlankSystemDaemon posted:watching code compile is one of the most zen things a system operator can do
|
# ? Jul 21, 2021 14:19 |
|
Antigravitas posted:Can confirm, Gentoo is the most zen. I really want a working gentoo system so I can emerge @world when I need to calm down, but installing Gentoo is the opposite of zen. Nez?
|
# ? Jul 21, 2021 17:05 |
|
I installed Gentoo successfully and now the old laptop I put it on just sits there collecting dust. Has been this way for months since the install was completed. :zen:
|
# ? Jul 21, 2021 17:11 |
|
lol
|
# ? Jul 21, 2021 17:37 |
|
RFC2324 posted:I really want a working gentoo system so I can emerge @world when I need to calm down, but installing Gentoo is the opposite of zen. Nez? start programming either heavily templated c++ or julia, i think they are tied for percentage of time you are just waiting for compilations to finish (though distributed in time very differently).
|
# ? Jul 21, 2021 17:44 |
|
just compile mongodb, nodejs, or QT if you want to see things compiling forever.
|
# ? Jul 21, 2021 18:23 |
|
DoomTrainPhD posted:just compile mongodb no self-harm in yospos
|
# ? Jul 21, 2021 18:26 |
|
flakeloaf posted:no self-harm in yospos Hey now, I never said to run mongodb. I’m not that mean.
|
# ? Jul 21, 2021 18:29 |
|
it's not mine i'm just compiling it for a friend this tab a8 is mine, and it hasn't received a security update in a year
|
# ? Jul 21, 2021 18:32 |
|
Cybernetic Vermin posted:start programming either heavily templated c++ or julia, i think they are tied for percentage of time you are just waiting for compilations to finish (though distributed in time very differently). make a mistake with boost on an older compiler and it will spend more time spitting out an endless stream of cryptic error lines than it ever would compiling
|
# ? Jul 21, 2021 18:33 |
|
|
# ? Jun 9, 2024 16:05 |
|
My favorite mongodb story was that a nodejs/react native app was writing data with different types depending on whether you did something on mobile or web and mongodb happily accepted things sometimes being ints and sometimes being strings and maybe even sometimes datetime objects and javascript was able to read back mixed type data fine anyway because javascript is dogshit.
|
# ? Jul 21, 2021 18:52 |