Tweets
-
Pinned Tweet
This is my #ZeroDay #PublicDisclosure of a security vulnerability impacting 4+ Million of @zoom_us's users who have the Zoom Client installed on Mac. Zoom had 90-days + two weeks to resolve this #vulnerability and failed to do so. https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5?source=friends_link&sk=efee51610d7aac4a2c58d89628b2980b …
-
Jonathan Leitschuh → ShmooCon Retweeted
“communication is key. let the researcher know that you’re working on a fix, and ask them for help”
@JLLeitschuh #shmoocon pic.twitter.com/tf9PEdvGNa
-
Jonathan Leitschuh → ShmooCon Retweeted
A day prior to the Travelex hack, its parent company was worth $2.1 Billion. A month later it is now worth $764 Million. The CEO owns 63% of the shares, which puts his personal loss around $850 Million.
-
I'm speaking at @ShmooCon this Friday about the Zoom 0-Day! https://www.shmoocon.org/speakers/#zoom0day …
-
I just googled "jenkins csrf remote code execution" and what do I find but a GitHub GIST I published 11 months ago. Glad I put things where Google will help me find them later. https://gist.github.com/JLLeitschuh/1715fb23d0d6f11be1bb703198b0ae83 …
-
Jonathan Leitschuh → ShmooCon Retweeted
PSA: Retrying flaky tests alone is just a fancy way of ignoring tests. You must also fix the underlying causes. Monday I'm going to do a 1-hour webcast about doing just that. Sign up here if you're interested: https://gradle.com/training/flaky-tests/?time=1580083200 …
-
I could relate to this so much. Worth the read! https://twitter.com/mspowahs/status/1219295042877214725 …
-
The industry-wide decommission of HTTP in favor of HTTPS for JVM artifact servers is finally here! This is the culmination of several months of research I did back in the beginning of 2019. It's pretty awesome to see this security shift for an entire language ecosystem. https://twitter.com/sonatype_ops/status/1217494086090985472 …
-
Jonathan Leitschuh → ShmooCon Retweeted
Tomorrow, 1/15, we will be enforcing HTTPS for all connections to Maven Central. Any unencrypted requests to Central will result in a 501 error. See the following blog post for additional context on this change. https://blog.sonatype.com/central-repository-moving-to-https …
-
Jonathan Leitschuh → ShmooCon Retweeted
Want to give feedback on CodeQL? Want to share your query writing experience, or get community help? Want to discuss all things security? Join our slack workspace: https://join.slack.com/t/ghsecuritylab/shared_invite/enQtODg5MzkzNDQxODI1LTJlZWZlNWY3NTNkMDliNjlmMWM3ZWUyNjFlNjgwOTZlZDZhZWRkYzA5NTE3NTUxN2I0ODllN2MyY2VlMDAyOWY …
-
Jonathan Leitschuh → ShmooCon Retweeted
Update: Want to take over the Java ecosystem? All you need is a MITM!
@JLLeitschuh suggests Jan 13-15, 2020 will break 21% of the industry’s #Java build infrastructure. 6 months on since his initial article, where are we now and what does the future hold? https://hubs.ly/H0mwlKl0 pic.twitter.com/UMieffecAZ
-
CVE-2017-18638: A module I submitted to @detectify for detecting a #SSRF vulnerability in Graphite is now live! Here's @orange_8361's original writeup about exploiting this vuln as part of an exploit chain for a $12,500 Bug Bounty from @github https://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html#second-bug-internal-graphite-ssrf …
-
Curses! My SSRF exploit seems to have been prevented by docker's --cap-drop=all configuration.
-
Thanks to @gradle, @sonatype (@ASFMavenProject), & @jfrog for joining this initiative to help safeguard the security of the JVM supply chain!
-
Warning to JVM Developers
January 13th-15th, 2020 will break over 21% of the industry’s Java/JVM build infrastructure.
Major ecosystem artifact servers will only be supporting HTTPS after this date! https://medium.com/@jonathan.leitschuh/update-want-to-take-over-the-java-ecosystem-all-you-need-is-a-mitm-d069d253fe23?source=friends_link&sk=8c8e52a7d57b98d0b7e541665688b454 …
-
MD5: 344aab9758bb0d018b93739e7893fb3a
-
Jonathan Leitschuh → ShmooCon Retweeted
I love Hacking's Not a Game by Gregory B. White (of @ciascybersec fame). Teaches young kids that their actions (not just hacking) have consequences. Will definitely buy this book for the little ones I know. https://www.archwaypublishing.com/Bookstore/BookDetail.aspx?BookId=SKU-001151390 … pic.twitter.com/342g69rs81
-
Jonathan Leitschuh → ShmooCon Retweeted
Your Java builds might break starting January 13th (if you haven't yet switched repo access to HTTPS) https://www.alphabot.com/security/blog/2020/java/Your-Java-builds-might-break-starting-January-13th.html … pic.twitter.com/EyCmE2zgTG
-
True story, I have experience with this vuln in the real world. Couldn't convince the impacted organization to fix the issue though. https://twitter.com/JLLeitschuh/status/1214249572698120192 …
-
CVE-2019-10758: I was the one to report this issue to the maintainers (and created the initial RCE POC). I spotted it thanks to @LGTM which had a query that reported this issue. https://twitter.com/TheHackersNews/status/1213171143131033600 …