unluckier commented on Unauthenticated RCE vs. all GNU/Linux systems, CVSS 9.9   threadreaderapp.com/threa... · Posted by u/yread
ycombinatrix · a year ago
maybe i'm being overly pedantic but wouldn't that be a CUPS specific RCE?

the title claims "all" GNU/Linux systems are vulnerable

unluckier · a year ago
The thread that the title comes from is from a Twitter user that later stated about the issue: "And YES: I LOVE hyping the sh1t out of this stuff because apparently sensationalism is the only language that forces these people to fix."

As such, every single thing about the topic should be taken with a grain of salt. Starting with systems affected (it's not all GNU/Linux) and also CVSS score (I score it as a 6.3 instead of 9.9). Use your imagination to decide how much of what was posted is based on fact as opposed to fantasy.

unluckier commented on Warning: DNS encryption in Little Snitch 6.1 may occasionally fail   obdev.at/blog/warning-mac... · Posted by u/HelenePhisher
TechRemarker · a year ago
Before Sequoia when using OpenDNS for VPN, could be on VPN and iMessage and other apps still work, but since Sequoia, when on VPN iMessage (text messages) etc. no longer work. Once I disconnect from VPN all goes through. Is this related at all? Do have macOS firewall enabled. But not block all incoming connections.
unluckier · a year ago
Disabling the firewall for testing is simple enough. If things work after turning off the firewall, then this is your problem.
unluckier commented on Warning: DNS encryption in Little Snitch 6.1 may occasionally fail   obdev.at/blog/warning-mac... · Posted by u/HelenePhisher
lapcat · a year ago
I can't reproduce this. Some people say it has to do with ESET: https://www.reddit.com/r/MacOS/comments/1fievr5/updating_mad...
unluckier · a year ago
It's easily reproducible with a fresh macOS install. Yes, ESET has its own issue. But this is a problem in and of itself. https://imgur.com/a/Nr7Gk6c
unluckier commented on Warning: DNS encryption in Little Snitch 6.1 may occasionally fail   obdev.at/blog/warning-mac... · Posted by u/HelenePhisher
bradgessler · a year ago
I’ve had issues using the Resolv library in Ruby when I’m connecting to the internet via a tethered iPhone. Never ran into that until Sequoia. I wonder if that’s related?

TBH I’m too lazy to dig in and find out. Has anybody else run into this issue?

unluckier · a year ago
See: https://waclaw.blog/macos-firewall-blocking-web-browsing-aft...

If disabling the firewall (for testing) solves this problem, this is likely your issue.

unluckier commented on Warning: DNS encryption in Little Snitch 6.1 may occasionally fail   obdev.at/blog/warning-mac... · Posted by u/HelenePhisher
unluckier · a year ago
Sequoia also breaks an application's ability to use DNS (or presumably anything UDP-based) if the macOS firewall is enabled, and an app is listed as "Block incoming connections". https://waclaw.blog/macos-firewall-blocking-web-browsing-aft...
unluckier commented on Fixing Weak Wi-Fi Router Security   nytimes.com/2018/06/13/te... · Posted by u/uptown
amiga-workbench · 7 years ago
Grab a decent MikroTik router and a few Ubiquiti UniFi APs, set up automatic updates, and never touch them again.
unluckier · 7 years ago
So... two of the routers affected by the recent VPNFilter malware? Interesting choice.
unluckier commented on FreeBSD 11.0 Now Available   lists.freebsd.org/piperma... · Posted by u/eatonphil
unluckier · 9 years ago
No mention of ASLR. Helping to prevent memory corruption bugs apparently isn't on their radar?
unluckier commented on dd built-in progress introduced in coreutils 8.24   git.savannah.gnu.org/cgit... · Posted by u/vdfs
mahouse · 10 years ago
Couldn't you just send a SIGUSR1 signal to see the progress?
unluckier · 10 years ago
If you're on BSD, that'll kill dd.
unluckier commented on Avast’s man in the middle   thesafemac.com/avasts-man... · Posted by u/hwdsl2
userbinator · 10 years ago
In comparison, what is the risk of NOT performing SSL inspection and letting all encrypted data through?

Microsoft Internet Explorer, don't even allow viewing a certificate until after you have accepted it

Incorrect; there is a "view certificate" button on the warning dialog:

https://docs.oracle.com/html/B12013_03/img/sec_ie_install_ce...

unluckier · 10 years ago
What version of IE is that dialog from? 6? Things have changed quite a bit since then.

Yes, SSL inspection is a security tradeoff. Whether the folks rolling it out realize this is another story.

unluckier commented on Avast’s man in the middle   thesafemac.com/avasts-man... · Posted by u/hwdsl2
unluckier · 10 years ago
Even done in the best way possible, SSL inspection puts end users at increased risk. In the real world, vendors make mistakes, which put them at even higher risk. https://insights.sei.cmu.edu/cert/2015/03/the-risks-of-ssl-i...

u/unluckier

Karma: 69 · Cake day: November 29, 2014