|
Zil posted:And the initials on the comment on that line of code?
|
#
?
Nov 28, 2017 22:31
|
|
|
|
| # ? May 14, 2024 15:09 |
|
|
Zil posted:And the initials on the comment on that line of code? lmfao
|
|
#
?
Nov 28, 2017 22:32
|
|
|
I'm laughing at all the twitter plebs that are going to try this, and then forget about it, and now they have a blank root password.
|
|
#
?
Nov 28, 2017 22:36
|
|
|
Salt Fish posted:I'm laughing at all the twitter plebs that are going to try this, and then forget about it, and now they have a blank root password. id hope that an update from apple would fix that
|
|
#
?
Nov 28, 2017 22:37
|
|
|
https://twitter.com/textfiles/status/935305053258125312
|
|
#
?
Nov 28, 2017 22:39
|
|
|
Salt Fish posted:I'm laughing at all the twitter plebs that are going to try this, and then forget about it, and now they have a blank root password. what’s responsible disclosure
|
|
#
?
Nov 28, 2017 22:43
|
|
|
root bypass happens to the best of us
|
|
#
?
Nov 28, 2017 22:45
|
|
|
Bulgogi Hoagie posted:what’s responsible disclosure guy could have probably collected a nice bug bounty but instead went the comedy route and we all benefit.
|
|
#
?
Nov 28, 2017 22:46
|
|
|
time to get grampa to learn how to run `passwd root` on his trump twitter box
|
|
#
?
Nov 28, 2017 22:46
|
|
|
https://twitter.com/Viss/status/935625291749138432akadajet posted:guy could have probably collected a nice bug bounty but instead went the comedy route and we all benefit.
|
|
#
?
Nov 28, 2017 22:47
|
|
|
akadajet posted:guy could have probably collected a nice bug bounty but instead went the comedy route and we all benefit. money cant buy you lols
|
|
#
?
Nov 28, 2017 22:47
|
|
|
Diva Cupcake posted:i guess apple only has a bug bounty for ios and not macos. and it's invite only. 
|
|
#
?
Nov 28, 2017 22:48
|
|
|
Diva Cupcake posted:i guess apple only has a bug bounty for ios and not macos. and it's invite only. lmao
|
|
#
?
Nov 28, 2017 22:48
|
|
|
Diva Cupcake posted:i guess apple only has a bug bounty for ios and not macos. and it's invite only. holy loly
|
|
#
?
Nov 28, 2017 22:48
|
|
|
https://twitter.com/pizen/status/935617411016826880
|
|
#
?
Nov 28, 2017 22:50
|
|
|
im overstimulated. i need a sedative.
|
|
#
?
Nov 28, 2017 22:50
|
|
|
so does it only work if you bug it out in a system settings menu first so it actually makes the empty root acc
|
|
#
?
Nov 28, 2017 22:52
|
|
|
All my friends think I'm a square for using hotels instead of air bnb. I can't seem to get through to them that gig economy apps are really just a platform for selecting rape victims en masse.
|
|
#
?
Nov 28, 2017 22:52
|
|
|
Bulgogi Hoagie posted:so does it only work if you bug it out in a system settings menu first so it actually makes the empty root acc yes
|
|
#
?
Nov 28, 2017 22:53
|
|
|
i hope someone gets fired for this it's just embarrassing
|
|
#
?
Nov 28, 2017 22:53
|
|
|
there are a bunch of stories like this and i dont think i could ever bring myself to use airbnb. too suspect.
|
|
#
?
Nov 28, 2017 22:54
|
|
|
Diva Cupcake posted:i guess apple only has a bug bounty for ios and not macos. and it's invite only. lmbo if i only had a twitter account i would go shove this in the face of every one of those idiots screeching "RESPONSIBLE DISCLOOOOOSUUUUURE" also what's the usual payout for a bug bounty anyway and how reliable is it to actually get paid out? b/c i would definitely leave a few hundo on the table to massively embarrass a major corporation
|
|
#
?
Nov 28, 2017 22:54
|
|
|
zero effort privilege escalation
|
|
#
?
Nov 28, 2017 22:54
|
|
|
my bitter bi rival posted:there are a bunch of stories like this and i dont think i could ever bring myself to use airbnb. too suspect. right, and it's only the idiots who are being super obvious who are getting caught. there's plenty of ways to hide a camera that arent as conspicuous as GIANT POD ON WALL
|
|
#
?
Nov 28, 2017 22:55
|
|
|
Farmer Crack-rear end posted:lmbo if i only had a twitter account i would go shove this in the face of every one of those idiots screeching "RESPONSIBLE DISCLOOOOOSUUUUURE" i mean if you check the security update pages on the apple website seeming randos get CVEs all the time and they probably get paid too
|
|
#
?
Nov 28, 2017 22:56
|
|
|
jfc why would you put that root vulnerability into a public tweet?MALE SHOEGAZE posted:imagine the sinking feeling the programmer responsible for that bug is feeling right about now or anyone involved in the response. imagine seeing this whopper pop up on the bug tracker at 7:00 AM PST while most of the main team is probably en route to work. it would be legitimately interesting to see a timeline of how long this took to get to the response team.
|
|
#
?
Nov 28, 2017 22:58
|
|
|
Shifty Pony posted:jfc why would you put that root vulnerability into a public tweet? because it's funny and now apple has to clean it up
|
|
#
?
Nov 28, 2017 23:00
|
|
|
Diva Cupcake posted:i guess apple only has a bug bounty for ios and not macos. and it's invite only. ???? i checked their bug tracker and you can report osx issues
|
|
#
?
Nov 28, 2017 23:02
|
|
|
LinYutang posted:???? i checked their bug tracker and you can report osx issues do they offer money though? do I have to pay money to access it?
|
|
#
?
Nov 28, 2017 23:04
|
|
|
anyone know if its possible to pipe input to a mac UAC screen via cli because i can get this to work running 'security authorizationdb write system.preferences.users allow' also if so, i think that this can be scripted
|
|
#
?
Nov 28, 2017 23:08
|
|
|
my bitter bi rival posted:anyone know if its possible to pipe input to a mac UAC screen via cli because i can get this to work running 'security authorizationdb write system.preferences.users allow' also can you do it with applescript?
|
|
#
?
Nov 28, 2017 23:10
|
|
|
whatever autohotkey alternative for mac is  also, boy am i glad rn i have root account set up on all our macs, my users are dumb and one once managed to break ldap preventing anyone from logging in so now all the macs have a local root with a long password, i just hope the sploit doesn't also disable password because lol vvv: well thank gently caress for that Truga fucked around with this message at 23:18 on Nov 28, 2017 |
|
#
?
Nov 28, 2017 23:15
|
|
|
it wont disable an existing password if the local root acct is enabled and has one.
|
|
#
?
Nov 28, 2017 23:17
|
|
|
akadajet posted:because it's funny and now apple has to clean it up definitely don't disagree there. this is hilarious.
|
|
#
?
Nov 28, 2017 23:18
|
|
|
Zil posted:And the initials on the comment on that line of code? 'Ere I am, J.H. flakeloaf posted:sierra=high,dumb amazing
|
|
#
?
Nov 28, 2017 23:18
|
|
|
cis autodrag posted:All my friends think I'm a square for using hotels instead of air bnb. I can't seem to get through to them that gig economy apps are really just a platform for selecting rape victims en masse. hh holmes, but with an app
|
|
#
?
Nov 28, 2017 23:19
|
|
|
https://twitter.com/BAKKOOONN/status/935629381560516608
|
|
#
?
Nov 28, 2017 23:22
|
|
|
Bulgogi Hoagie posted:zero effort privilege escalation  effort less root
|
|
#
?
Nov 28, 2017 23:22
|
|
|
So good https://twitter.com/InTrumpsAmerica/status/935628409908158464?s=17
|
|
#
?
Nov 28, 2017 23:22
|
|
|
|
| # ? May 14, 2024 15:09 |
|
|
Shifty Pony posted:jfc why would you put that root vulnerability into a public tweet? the great part about having security flaws that joe random can find is that joe random has no idea how to report a security flaw and is probably just going to tweet about it
|
|
#
?
Nov 28, 2017 23:22
|
|
