HackerTrans
TopNewTrendsCommentsPastAskShowJobs

keisborg

no profile record

comments

keisborg
·há 12 meses·discuss
One step closer to container breakout? Gaining root access give you a bigger attack surface for kernel exploits.
keisborg
·ano passado·discuss
I cannot answer for all the program owners, but I imagine that there are other concerns than reproducibility
keisborg
·ano passado·discuss
The policies states it’s not allowed to use automated tools, not to submit report using automated tools alone. Human review does not really change that.
keisborg
·ano passado·discuss
«XBOW submitted nearly 1,060 vulnerabilities. All findings were fully automated, though our security team reviewed them pre-submission to comply with HackerOne’s policy on automated tools»

That seems a bit unethical. I’ve thought companies specifically deny usage of automated tools. A bit too late ey…?
keisborg
·ano passado·discuss
I looked through most of the charts, and I it seems like you cannot get the best of two worlds. Can you get good edge retention, ease of sharpening and toughness at the same time?

It would be nice with an example on how knife steel properties work. I assume there are balanced tradeoffs.
keisborg
·ano passado·discuss
I love term how it plays on the words and the negative association we have with anti-personell mines

If we could have a ban on anti-personell computers…
keisborg
·ano passado·discuss
I get a cloudflare puzzle when I try to visit this link :(
keisborg
·ano passado·discuss
Ed Martin seems like a SME when he himself has been influenced by foreign agencies and spoke their case.
keisborg
·ano passado·discuss
Link is paywalled. Not possible to read
keisborg
·ano passado·discuss
We do not know why you are in jail, but because you are in jail you must have done something bad. We cannot just let bad people roam freely
keisborg
·ano passado·discuss
We all are
keisborg
·ano passado·discuss
So, they are basically saying that bash is vulnerable to arbitrary command execution?
keisborg
·ano passado·discuss
I would hope so, but on

Tarlogics blog post, it is mentioned “modifying chips arbitrarily”, “infecting chips with malicious code”, “obtain confidential information stored on them”.

Even though they rephrased the backdoor wording, the remaining statements make me believe the undocumented functions can be used to gain code execution on the main cpu.
keisborg
·ano passado·discuss
It it possible to create firmware that is encrypted and cannot be read out. Espressif state there is no security issues, but I have a feeling that these debug commands may be used to read out the flash of a properly secured esp32 that otherwise would not be possible…
keisborg
·ano passado·discuss
There was someone that figured out how to detect if the output was piped or not to bash on the webserver, can consider the fact and chose to be malicious or not
keisborg
·ano passado·discuss
My understanding of the article is that it was about shutting down the program that keeps the nuclear navy afloat, not about a backdoor with a switch to turn off the arsenal
keisborg
·ano passado·discuss
Yeah, it says it will create an SVG in seconds, but seconds later, there is no SVG. Did not occur to me that I had to log in, but probably won’t as I cannot be bothered to follow black patterns…
keisborg
·ano passado·discuss
I feel that dockerhub no longer can be the steward for the default docker repo because of this and the limitations they previously have implemented. It is time for them to hand over the baton stick to someone else, or that the notion of a default repo is removed all together
keisborg
·ano passado·discuss
Exactly this. And when a base image has a new release, all images based on this will also need an update
keisborg
·ano passado·discuss
It is not immediately clear to me if the limit is per repo/package or globally in the hub. For instance, I fear it will not be possible to add a new kubernetes node to my cluster without hitting the limit as it would need to pull all the individual images.