Код в мешке
Код в мешке - about coding, and more...
This is a personal notebook

https://t.me/joinchat/AAAAAEIy6oGlr8oxqTMS5w
Forwarded from Deleted Account
That's why you should use email on Proton and Tutanota. Not an ad
Forwarded from TechToday News
#Vulnerability #Microsoft #Apple #iOS #MacOS #report

Abusing RFC-1342 to spoof email addresses: Most mail clients are vulnerable!

TL;DR: Mailsploit is a collection of bugs in email clients that allow effective sender spoofing and code injection attacks. The spoofing is not detected by Mail Transfer Agents (MTA) aka email servers, therefore circumventing spoofing protection mechanisms such as DMARC (DKIM/SPF) or spam filters.

Bugs were found in over 30 applications, including prominent ones like Apple Mail (macOS, iOS and watchOS), Mozilla Thunderbird, various Microsoft email clients, Yahoo! Mail, ProtonMail and others.

In addition to the spoofing vulnerability, some of the tested applications also proved to be vulnerable to XSS and code injection attacks.

https://www.mailsploit.com/index

https://docs.google.com/spreadsheets/d/1jkb_ZybbAoUA43K902lL-sB7c1HMQ78-fhQ8nowJCQk
Forwarded from TechToday News
#Vulnerability #Report

Protonmail XSS — Stored

It’s a series of vulnerabilities which I found in the Protonmail web app and also the iOS app, and I am only publishing two now related to Protonmail.

https://medium.com/@ChandSingh/protonmail-xss-stored-b733031ac3b5
Forwarded from TechToday News
#Vulnerability #Microsoft #Report

PoC Code Available for Microsoft Edge Remote Code Execution Bug

The flurry of security bugs Microsoft addressed with this month's rollout of updates includes a remote code execution vulnerability in Edge web browser. The glitch relies on abusing URI schemes and scripts in Windows that can run with user-defined parameters.

https://www.bleepingcomputer.com/news/security/poc-code-available-for-microsoft-edge-remote-code-execution-bug/

https://xakep.ru/2018/10/12/edge-rce/

https://leucosite.com/Microsoft-Edge-RCE/

Multiple vulnerabilities in Microsoft Edge:
CVE-2018-8473
CVE-2018-8509
CVE-2018-8512
CVE-2018-8530
CVE-2018-8503
CVE-2018-8505
CVE-2018-8510
CVE-2018-8511
CVE-2018-8513
https://www.cybersecurity-help.cz/vdb/SB2018100916
Forwarded from TechToday News
#Vulnerability #Google #Linux #Windows #MacOS #Report

Multiple vulnerabilities in Google Chrome

Severity: High
Patch available: YES
Number of vulnerabilities: 35

The Chrome team is delighted to announce the promotion of Chrome 71 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.
Chrome 71.0.3578.80 contains a number of fixes and improvements -- a list of changes is available in the log.

https://www.cybersecurity-help.cz/vdb/SB2018120506

https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
Forwarded from TechToday News
#Vulnerability #Exploit #Article

Exploiting the Magellan bug on 64-bit Chrome Desktop

In December 2018, the Tencent Blade Team released an advisory for a bug they named “Magellan”, which affected all applications using sqlite versions prior to 2.5.3. In their public disclosure they state that they successfully exploited Google Home using this vulnerability. Despite several weeks having passed after the initial advisory, no public exploit was released. We were curious about how exploitable the bug was and whether it could be exploited on 64-bit desktop platforms. Therefore, we set out to create an exploit targeting Chrome on 64-bit Ubuntu.

https://blog.exodusintel.com/2019/01/22/exploiting-the-magellan-bug-on-64-bit-chrome-desktop/
Forwarded from Deleted Account
Internet = connecting a vulnerable device to another vulnerable device through vulnerable routers
Forwarded from TechToday News
#Vulnerability #Hack #Hardware #Network #Article

Remotely compromise devices by using bugs in Marvell Avastar Wi-Fi: from zero knowledge to zero-click RCE

With this research, I’m going to answer the question that has had to be answered for quite a time: to what extent is Marvell WiFi FullMAC SoC (not) secure. Since the wireless devices with the analyzed chip aren’t fully researched by the community yet, they may contain a tremendous volume of unaudited code, which may result in severe security issues swarming devices equipped with WLAN cards. At the outset, I should mention that this article is based on the info I presented during my ZeroNights 2018 talk. So, feel free to have a look at the original slides here. There are also some notable researches on the subject of wireless SoC security. For example, Google Project Zero published a series of blog posts starting in April 2017 describing exploitation of Broadcom Wi-Fi stack on smartphones. This topic was also discussed at the BlackHat 2017 conference. Some smartphone baseband exploit write-ups might help understand the techniques used to reverse engineer firmware of wireless SoC.

https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/
Forwarded from TechToday News
#Hack #Security #Router #Report

EternalSilence: Why your router may be at risk from this NSA tool

Do you trust your router to keep you safe from hackers and spies? You may want to take another look just to make sure.

Akamai recently discovered a malware campaign that has already compromised over 45,113 home and office routers. This was done using a tool based on the United States of America’s NSA hacking tools which were leaked online in 2017. To explain how hackers use this tool to turn your router into a proxy server, we first have to understand how UPnP works.

https://www.securityartwork.es/2019/01/14/eternalsilence-why-your-router-may-be-at-risk-from-this-nsa-tool/
Forwarded from TechToday News
#Vulnerability #Router #Network #Article

UPnP, Vulnerability As A Feature That Just Won’t Die

UPnP — in a perfect world it would have been the answer to many connectivity headaches as we add more devices to our home networks. But in practice it is the cause of a lot of headaches when it comes to keeping those networks secure.

It’s likely that many Hackaday readers provide some form of technical support to relatives or friends. We’ll help sort out Mom’s desktop and email gripes, and we’ll set up her new router and lock it down as best we can to minimise the chance of the bad guys causing her problems. Probably one of the first things we’ll have all done is something that’s old news in our community; to ensure that a notorious vulnerability exposed to the outside world is plugged, we disable UPnP on whatever cable modem or ADSL router her provider supplied.

https://hackaday.com/2019/01/14/upnp-vulnerability-as-a-feature-that-just-wont-die/
Forwarded from Deleted Account
That's why you need to have dnscrypt.
Where can I get a look at this? I want to search for myself
Or where can I check my email?
Forwarded from Alex
Listen, I'm setting up a laptop for someone right now. Which browser is the least memory-hungry these days?
Forwarded from Alex
@Eddi_Crash Really, a huge thank you ) I think even I now want to give Slimjet a spin )