Craig Young

@craigtweets

I hack all the things (but only most of the time). ***These tweets are my own and may not reflect views of Tripwire.***

Atlanta, GA
Joined September 2008

Tweets

  1. Pinned Tweet
    Jan 7
    Replying to

    External attempts to exploit flaw will include HTTP requests with ‘/../’ and ‘/vpns/’ in the URL and/or custom headers containing traversal patterns (e.g. ‘/../’).

  2. Retweeted
    Feb 1

    I thought that simply sharing this dystopian video proudly shared by the Chinese gov would be adequate for people to ruminate on, but I’ll be more direct and note that civilians being surveilled and yelled at by drones is probably not a very good omen for global tech & privacy.

  3. Retweeted
    Jan 30

    Thanks for this! "Why Public Wi-Fi is a Lot Safer Than You Think" I keep saying that: Wifi security is largely irrelevant.

  4. Retweeted
    Jan 24

    This McDonalds has the best french fries of any McDonalds we've ever built before. We are very, very confident that it cannot be robbed.

  5. Jan 25

    Call a vulnerability by a dog's name one time and it follows you around for life. No Google News, this Goldendoodle is not a GOLDENDOODLE padding oracle.

  6. Retweeted

    Previously, n-day exploitation was a lot rarer, but the cybercrime economy has shifted a lot in recent years. With the rise of ransomware and notable widespread attacks like NotPetya & WannaCry, not patching efficiently has become much more of a risk to organizations.

  7. Retweeted
    Jan 24

    Regarding the Potsdam hacker attack: I have a list of hosts vulnerable to the Citrix flaw, dated Jan 14; two of them have a hostname "[dot]potsdam[dot]de".

  8. Retweeted
    Jan 13

    great root cause analysis of the Citrix NetScaler/ADC CVE-2019-19781 vuln: incoming path not canonicalized, so ".." causes file to be treated differently (CWE-41/CWE-57 "pathname equivalence") --> incorrect authorization (CWE-863) --> file write using directory traversal (CWE-23)

  9. Retweeted
    Jan 12

    Threat actors scanning for an unpatched vulnerability according to and . And, says he's made a working exploit for the flaw.

  10. Retweeted
    Jan 11

    We've added detection for the Citrix vulnerability (CVE-2019-19781). If you've configured Shodan Monitor () then you will automatically get notified if any of your devices are impacted.

  11. Jan 11

    So it looks like will receive a fix this month.

  12. Jan 11

    FWIW - I have enabled the mitigation even on an unlicensed appliance. I don't know what this tweet is about.

  13. Retweeted
    Jan 11

    Nothing says "have a nice weekend" better than releasing a zero day exploit on a late Friday evening

  14. Retweeted
    Jan 10

    After Citrix revealed a critical vulnerability impacting its ADC and Gateway products, hackers have started to scan the Internet for vulnerable systems, security researchers report. via cc

  15. Jan 10
  16. Retweeted

    Attackers exploiting critical Citrix ADC, Gateway flaw, company yet to release fixes - -

  17. Retweeted
    Jan 9

    Have reproduced Citrix SSL VPN pre-auth RCE successfully on both local and remote. Interesting bug!

  18. Jan 9

    "The possibility that an unauthorized remote attacker can execute arbitrary commands on a security appliance such as a VPN gateway is one of the worst scenarios imaginable" via

  19. Jan 8

    As promised, I've documented some additional information from research into . There is a bit of misleading information out there so I hope this will clear the air a bit. cc:

  20. Jan 7

    External attempts to exploit flaw will include HTTP requests with ‘/../’ and ‘/vpns/’ in the URL and/or custom headers containing traversal patterns (e.g. ‘/../’).

  21. Retweeted
    Jan 7

    Starting today, CERT-Bund is notifying German network operators about / gateways on which the () urgently recommended by the vendor for CVE-2019-19781 has not yet been implemented. (1/3)
