mastodon.ie is one of the many independent Mastodon servers you can use to participate in the fediverse.
Irish Mastodon - run from Ireland, we welcome all who respect the community rules and members.

Administered by:

Server stats:

1.6K
active users

#cve

34 posts16 participants0 posts today
Karl Voit :emacs: :orgmode:<p>"If it’s smart, it’s vulnerable"</p><p>Schöne neue IT-Welt:</p><p>"Durch die <a href="https://graz.social/tags/Sicherheitsl%C3%BCcken" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sicherheitslücken</span></a> haben es die Forscher geschafft, eine Root-Shell auf einem <a href="https://graz.social/tags/Bose" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Bose</span></a>-Lautsprecher zu erhalten, und dann davon in ein <a href="https://graz.social/tags/Autoradio" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Autoradio</span></a> von <a href="https://graz.social/tags/Panasonic" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Panasonic</span></a> einzubrechen. Somit kann man sich von einem <a href="https://graz.social/tags/AirPlay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AirPlay</span></a>- und <a href="https://graz.social/tags/CarPlay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CarPlay</span></a>-Gerät zum nächsten hacken."</p><p>"Außerdem beschwerten sich die Forscher, dass <a href="https://graz.social/tags/Apple" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apple</span></a> ein Rate-Limit zum Übermitteln von <a href="https://graz.social/tags/Schwachstellen" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Schwachstellen</span></a> hat – nach 16 CVEs gibt es die Meldung, man könne weitere Lücken erst am nächsten Tag melden."</p><p>"In einer Live-Demo zeigte er, wie man [...] eine Socket-Kommunikation trotz geblocktem Port bei der <a href="https://graz.social/tags/Defender" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Defender</span></a>-Firewall durchführen kann, komplett vorbei am <a href="https://graz.social/tags/Betriebssystem" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Betriebssystem</span></a>. Auch bei <a href="https://graz.social/tags/UEFI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UEFI</span></a>-Malware bleibt es also ein ewiges Katz-und-Maus-Rennen."</p><p><a href="https://www.heise.de/news/Black-Hat-If-it-s-smart-it-s-vulnerable-10513370.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/Black-Hat-If-it-</span><span class="invisible">s-smart-it-s-vulnerable-10513370.html</span></a></p><p><a href="https://graz.social/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a> <a href="https://graz.social/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://graz.social/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a></p>
todb in Vegas<p>W/R/T <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a></p><p>1) This is still a thing: <a href="https://resist.bot/petitions/PWDDUS" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">resist.bot/petitions/PWDDUS</span><span class="invisible"></span></a></p><p>Makes it easy to pester Congress about the CVE program. </p><p>2) I was reminded of this bit of Internet history: <a href="https://www.pigdog.org/auto/digital_gar_gar_gar/shortfeature/605.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">pigdog.org/auto/digital_gar_ga</span><span class="invisible">r_gar/shortfeature/605.html</span></a></p><p>It was written in 1999, about 3 months before CVE came on this scene. It’s snarky. But there was no DNS Fairy, either.</p>
todb in Vegas<p>Hey, ask the <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a> project your uncomfortable questions starting in 10m at <a href="https://infosec.exchange/tags/defcon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>defcon</span></a> policy, W234 second level. go!</p>
RedPacket Security<p>HackerOne Bug Bounty Disclosure: heap-buffer-overflow-in-curl-memdup-via-curlopt-copypostfields-curlopt-postfieldsize-mismatch-geeknik - <a href="https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-heap-buffer-overflow-in-curl-memdup-via-curlopt-copypostfields-curlopt-postfieldsize-mismatch-geeknik/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">redpacketsecurity.com/hackeron</span><span class="invisible">e-bugbounty-disclosure-heap-buffer-overflow-in-curl-memdup-via-curlopt-copypostfields-curlopt-postfieldsize-mismatch-geeknik/</span></a></p><p><a href="https://mastodon.social/tags/HackerOne" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HackerOne</span></a> <a href="https://mastodon.social/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a> <a href="https://mastodon.social/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://mastodon.social/tags/OSINT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OSINT</span></a> <a href="https://mastodon.social/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a> <a href="https://mastodon.social/tags/Cyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyber</span></a></p>

#libsoup #cve is marked as insecure and
#bambu-studio depends on libsoup and is the reason I can't build my #nixos

just takes me to long to find this.
Is there a faster way to see which config packages depends on?

nix why-depends ?