Tweets
Ralf (RPW) Retweeted
I... Look, I enjoy spending money for goods and services. When you pull crap like this I want to go back to physical books. This is disgusting, Amazon. You don't need this level of data to delight customers. https://twitter.com/adrjeffries/status/1222277544730337280 …
Ralf (RPW) Retweeted
Remote shell metacharacter injection and command-execution as root in an SMTP server... what year is it again? https://twitter.com/window/status/1222345450629423104 …
Ralf (RPW) Retweeted
I just fixed another Holy Grail bug!! This one caused several games to hang, such as Sonic Pinball Arcade (https://mgba.io/i/301 ) and Hello Kitty Collection - Miracle Fashion Maker (https://mgba.io/i/1320 ). This bug has been vexing me for 3 and a half years!
Ralf (RPW) Retweeted
for all who have worked for a better web and a better world at Mozilla.
Ralf (RPW) Retweeted
There are two new pre-auth RCE with CVSS score 9.8 in RD Gateway, commonly used to protect RDP servers (adds MFA etc). RD Gateway is a (great, btw) Enterprise solution for protecting those RDP boxes. You probably want to patch these. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0609 … https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0610 …
Less than 7 hours after the patch for CVE-2020-0601 was dropped, @saleemrash1d seems to have reproduced it. Hopefully y'all have patched already... https://twitter.com/matthew_d_green/status/1217246161440051200 …
Ralf (RPW) Retweeted
I think that vulnerability scoring should have these two added in access vector terms.... Or is this mental? pic.twitter.com/MJpoUEeQWT
Ralf (RPW) Retweeted
Some speculation on CVE-2020-0601. Earlier version of Windows cryptography API only supported a handful of elliptic curves from NIST suite-B. It could not handle say an arbitrary prime-curve in Weierstrass form with user defined parameters 1/N
Ralf (RPW) Retweeted
NEW: @tqbf along with several other cryptographers speculate on how CVE-2020-0601 works at a technical level: https://news.ycombinator.com/item?id=22048619 …
Thinking about this for another minute, it seems unlikely however: I would expect MSFT to rate exploitation likeliness lower in that case. Hmm...
Given that ChainLogMSRC54294Error()'s output is formatted like "CA: <%s> sha1: %s para: %s otherPara: %s" I begin to wonder whether CVE-2020-0601 might be related to the recent advances on SHA-1 chosen prefix collisions [https://eprint.iacr.org/2020/014 ]...
Also, note that MSFT logs exploitation attempts [ChainLogMSRC54294Error()].
OK, this explains the call to ChainComparePublicKeyParametersAndBytes() in ChainGetSubjectStatus(): pic.twitter.com/73kigQtgw9
Ralf (RPW) Retweeted
The NSA advisory is much more helpful than Microsoft's. https://twitter.com/DAlperovitch/status/1217157353658818562 …
"Certificates containing explicitly-defined elliptic curve parameters which only partially match a standard curve are suspicious, especially if they include the public key for a trusted certificate, and may represent bona fide exploitation attempts." [https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF …]
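The NSA guidance quoted above points at a concrete defensive check. As an added example (not code from the tweets or the advisory), here is a stdlib-only Python routine that classifies a certificate's SubjectPublicKeyInfo as named-curve, explicit-parameter, or explicit-parameter reusing a standard curve's prime; the DER samples are constructed and abbreviated, and `make_spki`, `tlv` and `der_children` are helpers written for this example.

```python
# Added example (not code from the tweets or the NSA advisory): flag an X.509
# SubjectPublicKeyInfo (SPKI) that carries explicit EC parameters instead of a
# named-curve OID, and report when its field prime is that of a standard curve.
P256_PRIME = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
KNOWN_PRIMES = {P256_PRIME: "P-256"}                      # extend with P-384/P-521
EC_PUBLIC_KEY_OID = bytes.fromhex("06072a8648ce3d0201")   # 1.2.840.10045.2.1
PRIME256V1_OID = bytes.fromhex("06082a8648ce3d030107")    # 1.2.840.10045.3.1.7
PRIME_FIELD_OID = bytes.fromhex("06072a8648ce3d0101")     # 1.2.840.10045.1.1

def tlv(tag, body):
    """Encode one short-form DER TLV (lengths < 128 suffice for the samples)."""
    assert len(body) < 128
    return bytes([tag, len(body)]) + body

def der_children(buf):
    """Split a DER buffer into its (tag, value) elements; handles long-form lengths."""
    out, pos = [], 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:                                 # long-form length
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def classify_spki(spki_der):
    """Return 'named', 'not-ec', 'unknown-params', or 'explicit[:<curve whose prime it reuses>]'."""
    (_, spki), = der_children(spki_der)
    (_, alg), _pubkey = der_children(spki)
    (alg_tag, alg_oid), (param_tag, params) = der_children(alg)
    if tlv(alg_tag, alg_oid) != EC_PUBLIC_KEY_OID:
        return "not-ec"
    if param_tag != 0x30:                                 # OID = namedCurve (the normal case)
        return "named" if param_tag == 0x06 else "unknown-params"
    # ECParameters ::= SEQUENCE { version, fieldID SEQUENCE { fieldType OID, prime INTEGER }, ... }
    _version, (_, field_id), *_rest = der_children(params)
    (_, field_type), (_, prime_bytes) = der_children(field_id)[:2]
    prime = int.from_bytes(prime_bytes, "big") if tlv(0x06, field_type) == PRIME_FIELD_OID else None
    if prime in KNOWN_PRIMES:                             # standard prime, non-standard rest: suspicious
        return "explicit:" + KNOWN_PRIMES[prime]
    return "explicit"

def make_spki(params):
    """Constructed SPKI around the given EC parameters; the public key is a dummy, not a real point."""
    return tlv(0x30, tlv(0x30, EC_PUBLIC_KEY_OID + params) + tlv(0x03, b"\x00\x04" + b"\x11" * 8))

NAMED_SPKI = make_spki(PRIME256V1_OID)
EXPLICIT_SPKI = make_spki(tlv(0x30,                       # abbreviated ECParameters: version + fieldID only
    tlv(0x02, b"\x01") +
    tlv(0x30, PRIME_FIELD_OID + tlv(0x02, b"\x00" + P256_PRIME.to_bytes(32, "big")))))
```

On a real certificate, feed the DER of the SubjectPublicKeyInfo field into `classify_spki`; anything other than `named` from a chain that should end in a standard-curve CA is worth alerting on.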
Ralf (RPW) Retweeted
Now that it's all public: 1) CVE-2020-0601 - Windows doesn't properly validate X.509 certificate chains. https://www.kb.cert.org/vuls/id/849224/ 2) CVE-2020-0609, CVE-2020-0610 - Windows Remote Desktop Gateway (not to be confused with RDP proper) unauthenticated RCE. https://www.kb.cert.org/vuls/id/491944/
So CVE-2020-0601 is an ECC signature verification bypass: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601 …
Ralf (RPW) Retweeted
Debuggers suck, not using a debugger sucks, and you suck. https://robert.ocallahan.org/2019/11/your-debugger-sucks.html …
Ralf (RPW) Retweeted
Unlink heap exploitation was introduced in the year 2000 by Solar Designer as the first generic heap exploitation technique. It's been mitigated in glibc and most allocators for 15+ years. Think it's dead? Not in modern day uClibc http://blog.infosectcbr.com.au/2019/11/uclibc-unlink-heap-exploitation.html … by @infosectcbr
Ralf (RPW) Retweeted
Amazing compendium of failures of "provable security": https://eprint.iacr.org/2019/1336 . I saw a preprint months ago and the shock value of the huge lists still hasn't worn off. I think (and hope) this will put an end to the delusion that provable-security failures are isolated mistakes.