HackerTrans
トップ新着トレンドコメント過去質問紹介求人

dnet

no profile record

投稿

Unauthenticated RCE as Qsecofr via IBM i Management Central

blog.silentsignal.eu
2 ポイント·投稿者 dnet·先月·0 コメント

コメント

dnet
·4 か月前·議論
In newer versions, it's disabled by default and you have to do something like this to enable in ~/.ssh/config:

    Host *
    EnableEscapeCommandline yes
dnet
·7 か月前·議論
See https://doctorow.medium.com/como-is-infosec-307f87004563

> This is the same failure mode of all security-through-obscurity. Secrecy means that bad guys are privy to defects in systems, while the people who those systems are supposed to defend are in the dark, and can have their defenses weaponized against them.
dnet
·10 か月前·議論
I assume the scanner is a separate library/service that receives the contents and returns a boolean safe/malicious result, and the implementation using MD5 to avoid expensive re-scans is an internal detail hidden from the caller.
dnet
·11 か月前·議論
While the default is indeed to lock the entire database, it has been an option for 15 years to avoid this: https://www.sqlite.org/wal.html