| require 'msf/core' | |
| class Metasploit3 < Msf::Exploit::Remote | |
| Rank = ExcellentRanking | |
| include Msf::Exploit::Remote::HttpServer::HTML | |
| def initialize(info = {}) | |
| super(update_info(info, | |
| 'Name' => 'NetGear UPnP CSRF', |
| Tried to make a payment on aliexpress this weekend. | |
| Turns out the payment processor (wlp-acs.com), after a first valid SMS code check, is requesting my bank secret password. | |
| Didn't give it, no way I'm giving it so the payment was rejected. | |
| For information the identifier for accounts on this bank is written on every cheque you make. | |
| See screenshot below : | |
| I called the bank this morning, and they assured me this is normal that it is "required by law", they call it "second factor". |
| #include <dlfcn.h> | |
| #include <execinfo.h> | |
| typedef void (*cxa_throw_type)(void *, void *, void (*) (void *)); | |
| cxa_throw_type orig_cxa_throw = 0; | |
| void load_orig_throw_code() | |
| { | |
| orig_cxa_throw = (cxa_throw_type) dlsym(RTLD_NEXT, "__cxa_throw"); | |
| } |
| The Trouble With Terminals | |
| Thu, 16 Dec 2010 16:43:20 -0800 | |
| Copyright 2010 Kevin Goodsell | |
| 0. License | |
| This work is licensed under a Creative Commons | |
| Attribution-NonCommercial-ShareAlike 3.0 Unported License. To view a |
There are at least two valid, signed TLS certificates that are bundled with publicly available Netgear device firmware.
These certificates are trusted by browsers on all platforms, but will surely be added to revocation lists shortly.
The firmware images that contained these certificates along with their private keys were publicly available for download through Netgear's support website, without authentication; thus anyone in the world could have retrieved these keys.
| From self[at]sungpae.com Mon Nov 8 16:59:48 2021 | |
| Date: Mon, 8 Nov 2021 16:59:48 -0600 | |
| From: Sung Pae <self[at]sungpae.com> | |
| To: security@docker.com | |
| Subject: Permissive forwarding rule leads to unintentional exposure of | |
| containers to external hosts | |
| Message-ID: <YYmr4l1isfH9VQCn@SHANGRILA> | |
| MIME-Version: 1.0 | |
| Content-Type: multipart/signed; micalg=pgp-sha256; | |
| protocol="application/pgp-signature"; boundary="QR1yLfEBO/zgxYVA" |
| import os | |
| import socket | |
| import struct | |
| # These constants map to constants in the Linux kernel. This is a crappy | |
| # way to get at them, but it'll do for now. | |
| RTMGRP_LINK = 1 | |
| NLMSG_NOOP = 1 | |
| NLMSG_ERROR = 2 |
Updated: Just use qutebrowser (and disable javascript). The web is done for.
| // Just before switching jobs: | |
| // Add one of these. | |
| // Preferably into the same commit where you do a large merge. | |
| // | |
| // This started as a tweet with a joke of "C++ pro-tip: #define private public", | |
| // and then it quickly escalated into more and more evil suggestions. | |
| // I've tried to capture interesting suggestions here. | |
| // | |
| // Contributors: @r2d2rigo, @joeldevahl, @msinilo, @_Humus_, | |
| // @YuriyODonnell, @rygorous, @cmuratori, @mike_acton, @grumpygiant, |
Whenever the topic of Bitcoin's energy usage comes up, there's always a flood of hastily-constructed comments by people claiming that their favourite cryptocurrency isn't like Bitcoin, that their favourite cryptocurrency is energy-efficient and scalable and whatnot.
They're wrong, and are quite possibly trying to scam you. Let's look at why.
There are plenty of intricate and complex articles trying to convince you that cryptocurrencies are the future. They usually heavily use jargon and vague terms, make vague promises, and generally give you a sense that there must be something there, but you always come away from them more confused than you were before.