HackerTrans
TopNewTrendsCommentsPastAskShowJobs

keisborg

no profile record

comments

keisborg
·12 месяцев назад·discuss
One step closer to container breakout? Gaining root access give you a bigger attack surface for kernel exploits.
keisborg
·в прошлом году·discuss
I cannot answer for all the program owners, but I imagine that there are other concerns than reproducibility
keisborg
·в прошлом году·discuss
The policies states it’s not allowed to use automated tools, not to submit report using automated tools alone. Human review does not really change that.
keisborg
·в прошлом году·discuss
«XBOW submitted nearly 1,060 vulnerabilities. All findings were fully automated, though our security team reviewed them pre-submission to comply with HackerOne’s policy on automated tools»

That seems a bit unethical. I’ve thought companies specifically deny usage of automated tools. A bit too late ey…?
keisborg
·в прошлом году·discuss
I looked through most of the charts, and I it seems like you cannot get the best of two worlds. Can you get good edge retention, ease of sharpening and toughness at the same time?

It would be nice with an example on how knife steel properties work. I assume there are balanced tradeoffs.
keisborg
·в прошлом году·discuss
I love term how it plays on the words and the negative association we have with anti-personell mines

If we could have a ban on anti-personell computers…
keisborg
·в прошлом году·discuss
I get a cloudflare puzzle when I try to visit this link :(
keisborg
·в прошлом году·discuss
Ed Martin seems like a SME when he himself has been influenced by foreign agencies and spoke their case.
keisborg
·в прошлом году·discuss
Link is paywalled. Not possible to read
keisborg
·в прошлом году·discuss
We do not know why you are in jail, but because you are in jail you must have done something bad. We cannot just let bad people roam freely
keisborg
·в прошлом году·discuss
We all are
keisborg
·в прошлом году·discuss
So, they are basically saying that bash is vulnerable to arbitrary command execution?
keisborg
·в прошлом году·discuss
I would hope so, but on

Tarlogics blog post, it is mentioned “modifying chips arbitrarily”, “infecting chips with malicious code”, “obtain confidential information stored on them”.

Even though they rephrased the backdoor wording, the remaining statements make me believe the undocumented functions can be used to gain code execution on the main cpu.
keisborg
·в прошлом году·discuss
It it possible to create firmware that is encrypted and cannot be read out. Espressif state there is no security issues, but I have a feeling that these debug commands may be used to read out the flash of a properly secured esp32 that otherwise would not be possible…
keisborg
·в прошлом году·discuss
There was someone that figured out how to detect if the output was piped or not to bash on the webserver, can consider the fact and chose to be malicious or not
keisborg
·в прошлом году·discuss
My understanding of the article is that it was about shutting down the program that keeps the nuclear navy afloat, not about a backdoor with a switch to turn off the arsenal
keisborg
·в прошлом году·discuss
Yeah, it says it will create an SVG in seconds, but seconds later, there is no SVG. Did not occur to me that I had to log in, but probably won’t as I cannot be bothered to follow black patterns…
keisborg
·в прошлом году·discuss
I feel that dockerhub no longer can be the steward for the default docker repo because of this and the limitations they previously have implemented. It is time for them to hand over the baton stick to someone else, or that the notion of a default repo is removed all together
keisborg
·в прошлом году·discuss
Exactly this. And when a base image has a new release, all images based on this will also need an update
keisborg
·в прошлом году·discuss
It is not immediately clear to me if the limit is per repo/package or globally in the hub. For instance, I fear it will not be possible to add a new kubernetes node to my cluster without hitting the limit as it would need to pull all the individual images.