HackerTrans
TopNewTrendsCommentsPastAskShowJobs

dnet

no profile record

Submissions

Unauthenticated RCE as Qsecofr via IBM i Management Central

blog.silentsignal.eu
2 points·by dnet·الشهر الماضي·0 comments

comments

dnet
·قبل 4 أشهر·discuss
In newer versions, it's disabled by default and you have to do something like this to enable in ~/.ssh/config:

    Host *
    EnableEscapeCommandline yes
dnet
·قبل 7 أشهر·discuss
See https://doctorow.medium.com/como-is-infosec-307f87004563

> This is the same failure mode of all security-through-obscurity. Secrecy means that bad guys are privy to defects in systems, while the people who those systems are supposed to defend are in the dark, and can have their defenses weaponized against them.
dnet
·قبل 10 أشهر·discuss
I assume the scanner is a separate library/service that receives the contents and returns a boolean safe/malicious result, and the implementation using MD5 to avoid expensive re-scans is an internal detail hidden from the caller.
dnet
·قبل 11 شهرًا·discuss
While the default is indeed to lock the entire database, it has been an option for 15 years to avoid this: https://www.sqlite.org/wal.html