Although “0day” is most commonly used in the context of severe security issues exploited in the wild, its only real meaning is that a flaw was revealed publicly without a patch being available. Although the Confluence thing I tweeted is one, in context it’s not a systemic threat
-
-
I think the fact the private key was extracted (which I didn’t do) slightly qualifies but yes it’s pretty marginal.
-
The private key was sitting in plain sight. Any time an HTTPS connection referred to by DNS name connects to localhost (as described in the Atlassian documentation), one should probably assume shenanigans.https://twitter.com/wdormann/status/1202267460235337728 …
- 5 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.