491 Photos and videos
I have analyzed a smart garage door opener from @merosshome.
This was a really fun project which lead to be able to open random garages.
infosec.rm-it.de/2021/06/18/…
2
3
5
You can just host a server under a default hostname that the client will periodically try to connect to.
As a puppet server you can just automatically have SYSTEM privileges on the VM, see here for the full journey to get there:
infosec.rm-it.de/2025/02/17/…
2
1
2
154
@puppetize are you aware that Microsoft deployed your agent in those VMs and distributed them?
63
Another case of "AI demo posted on vendor website is just plain wrong". This is currently on the @github Copilot site (github.com/features/copilot).
The prompt is "how do i copy all the files bigger than 128k" and it answers:
"find . -size 128k"
This doesn't copy anything.
1
1
92
✅ OpenSSH too old for CVE-2024-6387
"Security through obsolescence"
CentOS 7 is the real security hero this week! 💪
✅ cURL too old for CVE-2023-38545
✅ glibc too old for CVE-2023-4911 / Looney Tunables
✅ httpd too old for CVE-2023-44487 or any HTTP/2 support
7
616
Roman retweeted
1 Jul 2024
✅ sshd too old for CVE-2024-6387 / regreSSHion
1
3
285
Wow, RCE in OpenSSH!
"A critical vulnerability in sshd(8) was present in Portable OpenSSH versions between 8.5p1 and 9.7p1 (inclusive) that may allow arbitrary code execution with root privileges."
Note: portable here means, non-OpenBSD versions. This does affect Linux versions
1
1
165
Apple decided that circumventing a warning shown on emails where the from and reply-to addresses don't match is not a security issue.
Well, then I publicly disclose the issue.
infosec.rm-it.de/2024/06/24/…
1
3
2
304