Great for small networks. Once bad actors find it, it will be attacked. See gnutella as the case study on unsupervised peer to peer networks
I just read gnutella page on Wikipedia, no mention of bad actors
Readit Newselnerd commented on Mobile carriers can get your GPS location an.dywa.ng/carrier-gnss.h... · Posted by u/cbeuw
Previous discussion on ?a similar? vulnerability. That means there is yet another critical vulnerability from the same vendors, given the reporting date around ~August I hope this was addressed by Sony and Jabra around the same time.
https://news.ycombinator.com/item?id=46453204
> Bluetooth Headphone Jacking: A Key to Your Phone [video]
> 551 points
> 223 comments
> 21 days ago
I have the impression this is not the same. In the linked video, they talked about unauthenticated functions in BLE if I recall correctly…
In related news, 10% of Meta ads are malicious, and they have Meta seems to have little incentive to stop it.
https://www.reuters.com/investigations/meta-is-earning-fortu...
elnerd commented on Kubernetes egress control with squid proxy interlaye.red/kubernetes_... · Posted by u/fsmunoz
Would it be be trivial to have a init container to do CA injection? Maybe though mutating admission controller? Then some CNI magic to redirect outbound traffic to do transparent proxying?
One domain parking actor is responsible for nearly 10% of all issued ssl certificates. 185.53.178.99. This is just one of many bad actors.
I think as AI gets smarter, defenders should start assembling systems how NixOS does it.
Defenders should not have to engage in an costly and error-prone search of truth about what's actually deployed.
Systems should be composed from building blocks, the security of which can be audited largely independently, verifiably linking all of the source code, patches etc to some form of hardware attestation of the running system.
I think having an accurate, auditable and updatable description of systems in the field like that would be a significant and necessary improvement for defenders.
I'm working on automating software packaging with Nix as one missing piece of the puzzle to make that approach more accessible: https://github.com/mschwaig/vibenix
(I'm also looking for ways to get paid for working on that puzzle.)
We soon will have to implement paradoxes in our infrastructure.
Can't stand behaviour like this.
I pay for Spotify and the app now shows paid suggestions (cough ads), to paying users. When you tap the ellipsis and choose "Not interested", it doesn't respond with "OK, we'll stop" but something like 'We'll show less of this'.
No, don't show less, I want you to not show it at all.
I unsubscribed from Spotify for this very reason.
It gets blurry at times though.
Imagine a router has a web/cli interface for setting the DHCP server’s domain name. At some point the users’s data is forwarded to a process exiting the root-owned file.
Hypothetically, If a vulnerability in the parsing of such from the config could be exploited from the end-user, that would certainly matter.
And these things always seem to be one step away from bugs that allow arbitrary injection into the config file…
(I’m amazed at the hot messes exposed with HTTP and SMTP regarding difference in CR/CRLF/LF handling. Proxy servers and even “git” keep screwing this up…)
Just because you cannot see how a vulnerability can be exploited does not mean that others can. As you describe, people seem to assume that the only way the config file ends up on the server is «physically» editing it.
An anecdote: I have been struggling with exploiting a product that relies on MongoDb, I can replace the configuration file, but gaining RCE is not supported «functionality» in the embedded version as the __exec option came in a newer version.
A parser bug would be most welcome here.
What’s the emulator he used when designing the firmware?