HackerTrans
TopNewTrendsCommentsPastAskShowJobs

dnet

no profile record

Submissions

Unauthenticated RCE as Qsecofr via IBM i Management Central

blog.silentsignal.eu
2 points·by dnet·เดือนที่แล้ว·0 comments

comments

dnet
·4 เดือนที่ผ่านมา·discuss
In newer versions, it's disabled by default and you have to do something like this to enable in ~/.ssh/config:

    Host *
    EnableEscapeCommandline yes
dnet
·7 เดือนที่ผ่านมา·discuss
See https://doctorow.medium.com/como-is-infosec-307f87004563

> This is the same failure mode of all security-through-obscurity. Secrecy means that bad guys are privy to defects in systems, while the people who those systems are supposed to defend are in the dark, and can have their defenses weaponized against them.
dnet
·10 เดือนที่ผ่านมา·discuss
I assume the scanner is a separate library/service that receives the contents and returns a boolean safe/malicious result, and the implementation using MD5 to avoid expensive re-scans is an internal detail hidden from the caller.
dnet
·11 เดือนที่ผ่านมา·discuss
While the default is indeed to lock the entire database, it has been an option for 15 years to avoid this: https://www.sqlite.org/wal.html