HackerTrans
TopNewTrendsCommentsPastAskShowJobs

vngzs

no profile record

Submissions

MinIO declines to release Docker builds resolving CVE-2025-62506

github.com
175 points·by vngzs·9 miesięcy temu·2 comments

comments

vngzs
·7 miesięcy temu·discuss
How do you manage to coax public production models into developing exploits or otherwise attacking systems? My experience has been extremely mixed, and I can't imagine it boding well for a pentesting tools startup to have end-users face responses like "I'm sorry, but I can't assist you in developing exploits."
vngzs
·4 lata temu·discuss
It's like a clear hood on your car. On a nice enough car, it shows the beauty of the engine. But on a cheap one ... Skeleton watches can be uniquely telling of the price of the watch.

Worth mentioning, most mechanical watches will have a sapphire back, so when you take them off you can admire the movement privately.
vngzs
·4 lata temu·discuss
From a defense standpoint, one should consider "shell on a box" to usually mean attackers can get root on a box. If they can get persistence, they can wait for a kernel CVE to abuse.

Now, if you're just using a bastion as a jump host, you don't need to offer shells on it. Just allow people to proxy a port to behind the bastion and be done with it.

    PermitTTY no
    ForceCommand /usr/sbin/nologin
    AllowTcpForwarding yes
    AllowAgentForwarding no
vngzs
·5 lat temu·discuss
I realize I'm a bit late to the party, but GL-iNet does this. They run OpenWRT, too! PoE support can be hit or miss, but being able to truly own my devices without compromising on features is amazing.

You probably want something like [0], which has PoE support and an optional Cloud connection. You can roll your own automation with (e.g.) SSH access since they are just Linux machines.

[0]: https://www.gl-inet.com/products/gl-ap1300/
vngzs
·7 lat temu·discuss
Even alcohol breathalyzers are regularly miscalibrated or defective and found to produce false positives. Legal pressure from manufacturers keeps this quiet.

https://www.zdnet.com/article/draeger-breathalyzer-breath-te...