iRODS HTTP API v0.6.0 is released!

This release makes the HTTP API compatible with iRODS 5, improves compatibility with earlier versions of iRODS, expands support for targeting replicas for I/O operations, improves write performance to data objects, and removed OAuth client mode (supporting only protected resource mode now).

Dockerfiles for EL8 and EL9 have been added to make building packages easier.

https://github.com/irods/irods_client_http_api/releases/tag/0.6.0

#irods #cpp #http #oidc #datamanagement

Tell me a new weird character sequence with special meaning in the scope of the web.

#:~:

What? Why not

#$ß✓*

could have been similarly unique and new.🤣 🤦‍♀️

But here we go: https://developer.mozilla.org/en-US/docs/Web/URI/Reference/Fragment/Text_fragments

#web #browser #mdn #http #url

With newer #HAProxy installations on #Ubuntu 24.04 or #Debian 13, you might run into configuration errors if you simply copy existing HAProxy configurations from an older system.

Especially the backend servers #HTTP checks with the legacy "option httpchk" are now running into a configuration error.

https://www.claudiokuenzler.com/blog/1498/haproxy-option-httpchk-headers-body-end-version-string-unsupported

A Cereal Offender: Analyzing the CORNFLAKE.V3 Backdoor

This analysis details a campaign involving two threat groups, UNC5518 and UNC5774, deploying the CORNFLAKE.V3 backdoor. UNC5518 compromises legitimate websites to serve fake CAPTCHA pages, luring visitors to execute a downloader script. UNC5774 then uses this access to deploy CORNFLAKE.V3, a sophisticated backdoor with variants in JavaScript and PHP. The malware collects system information, establishes persistence, and can execute various payloads including shell commands, executables, and DLLs. It communicates with command and control servers using HTTP and can abuse Cloudflare Tunnels for traffic proxying. The campaign also involves active directory reconnaissance and credential harvesting attempts via Kerberoasting.

Pulse ID: 68a6827e930a07d2130dda50
Pulse Link: https://otx.alienvault.com/pulse/68a6827e930a07d2130dda50
Pulse Author: AlienVault
Created: 2025-08-21 02:20:46

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CAPTCHA #Cloud #CredentialHarvesting #CyberSecurity #HTTP #InfoSec #Java #JavaScript #Malware #OTX #OpenThreatExchange #PHP #Proxy #bot #AlienVault

Why are anime catgirls blocking my access to the Linux kernel?

https://anonsys.net/display/bf69967c-3368-a6d6-f86d-bec306823413

Attacks Targeting Linux SSH Servers to Install SVF DDoS Bot

A recent attack on poorly managed Linux servers has been identified, involving the installation of SVF Botnet, a DDoS Bot malware developed in Python. The malware uses Discord as its C&C server and employs multiple proxy servers for DDoS attacks. The threat actor gains access through weak SSH credentials and installs the bot using specific commands. SVF Bot supports various DDoS attack methods, primarily L7 HTTP Flood and L4 UDP Flood. It uniquely utilizes public proxy addresses for HTTP flood attacks, enhancing its effectiveness. The malware can receive commands from the threat actor, turning infected Linux servers into DDoS Bots. To protect against such attacks, administrators are advised to use strong passwords, regularly update systems, and implement security measures like firewalls.

Pulse ID: 68a5a890aad2db48780163d5
Pulse Link: https://otx.alienvault.com/pulse/68a5a890aad2db48780163d5
Pulse Author: AlienVault
Created: 2025-08-20 10:50:56

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CandC #CyberSecurity #DDoS #Discord #DoS #HTTP #InfoSec #Linux #Malware #OTX #OpenThreatExchange #Password #Passwords #Proxy #Python #RAT #SSH #UDP #Word #bot #botnet #AlienVault

gemini://tilde.club/~ghodawalaaman/gemini.gmi

check this out. no need to jump to HTTP anymore, every information you can get over Gemini procotol.

#ai #gemini #geminiprotocol #protocol #gopher #http #tech

dear RFC committee, i'd like to propose a set of extended #HTTP status codes:

• 200.1 Okay, *sigh* fiiiiiine: the request succeeded, but the server is rather annoyed at the amount of work involved in processing it.
• 200.2 Okay, But Would You Look At The Time: the request succeeded, but the server wants to passive-aggressively hint that you've been interacting with the server way too much and it's probably time to leave.
• 300.1 Multiple Choices, Lifelines Available: the request has more than one possible response. The "Lifelines" header of the HTTP response indicates possible features that could make a proper choice easier. Repeating the request with the "Chosen-Lifeline" header activates that choice. For example, "Chosen-Lifeline: 50-50" requests the server to eliminate all but one wrong answer.
• 410.1 Gone, Be Back Later: the request involves a temporary resource that has since been removed, but the same or a similar one might appear later (for example, a holiday sale that happens every year). The headers "Expires" and "Content-Location" may indicate the future date and location of the returning page.
• 508.1 Weeeeee!: The server detected an infinite loop, which it found to be amusing, maybe someone should make it part of a rollercoaster.