#AudioMo day 2 - #fingerprotocol

https://bsky.app/profile/booyaatheelder.bsky.social/post/3mnd2cbgbis26

#smolnet

RE: https://social.lol/@brennan/116640822237311953

🖥️ Three protocols that have their own ecosystems, their own communities, and their own aesthetics:

finger://
gopher://
gemini://

🗓️ Two predate the World Wide Web entirely, but one was created in 2019

🚫 None of them require a GUI

🚫 None of them require JavaScript

🖥️ All three of them run in a terminal

#gemini #gopher #finger #GeminiProtocol #GopherProtocol #FingerProtocol #internet #protocol #terminal #NoGUI #NoJavaScript #NoJS

Três protocolos com seus próprios ecossistemas, comunidades e estéticas:

finger://
gopher://
gemini://

Dois precedem a World Wide Web, mas um foi criado em 2019

Nenhum deles requer interface gráfica

Nenhum deles requer JavaScript

Todos os três funcionam num terminal

https://brennan.day/gemini-gophers-and-fingers-oh-my-alternative-internets-beyond-https/

#gemini #gopher #finger #GeminiProtocol #GopherProtocol #FingerProtocol #internet #protocol #terminal #NoGUI #NoJavaScript #NoJS

Gemini, Gophers, and Fingers. Oh My! Alternative Internets Beyond HTTPS

https://brennan.day/gemini-gophers-and-fingers-oh-my-alternative-internets-beyond-https/

#GeminiProtocol #GopherProtocol #FingerProtocol #HTTP

The Finger Protocol seems to have had an alternative unofficial TCP-port, other than TCP-port 79.

TCP-port 2003

It was used by GNU cfinger.

TCP-port 2003 would not typically require 'root' privileges — in systems that require 'root' privileges for TCP-ports less-than 1024.

#FingerProtocol #Fingerverse #FingerHole #smallNet #smallWeb #smolNet #smolWeb

Fun-Fact: Jeder #GopherProtocol Client ist auch in der Lage, auf einen #fingerprotocol Server zuzugreifen:

curl gopher://malte70.de:79/0myip

Nur sieht die URL wegen dem Gopher-Item-Type nicht so schön aus wie eine im SmallWeb/SmolWeb anzutreffende Finger-URL:

finger://malte70.de/myip

#gopher #finger #SmallWeb #smolweb

Morning, cyber pros! It's been a bit light on news over the last 24 hours, but we've still got some critical updates to chew on. We're looking at a major data breach, an actively exploited RCE vulnerability, an old protocol making a malicious comeback, and a significant legal crackdown on North Korean illicit activities. Let's dive in:

Logitech Hit by Clop Extortion ⚠️
- Hardware giant Logitech has confirmed a data breach following an extortion claim by the Clop gang, who leaked 1.8 TB of data.
- The breach stemmed from a third-party zero-day vulnerability, likely CVE-2025-61882 in Oracle E-Business Suite, which Clop actively exploited in July 2025.
- While Logitech states no sensitive national ID or credit card data was compromised, the incident highlights Clop's consistent use of zero-days in mass data theft campaigns, previously seen with Accellion, GoAnywhere, and MOVEit.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/logitech-confirms-data-breach-after-clop-extortion-attack/

RondoDox Botnet Exploiting XWiki RCE 🛡️
- The RondoDox botnet is actively exploiting CVE-2025-24893, a critical eval injection vulnerability (CVSS 9.8) in unpatched XWiki instances, to achieve arbitrary code execution.
- This flaw allows any guest user to execute remote code via a request to the "/bin/get/Main/SolrSearch" endpoint, and has been in the wild since at least March 2025.
- CISA added this to its KEV catalog, urging federal agencies to patch by November 20th. Exploitation attempts have surged, with RondoDox adding these devices to its botnet for DDoS attacks, alongside other actors deploying crypto miners and reverse shells.

📰 The Hacker News | https://thehackernews.com/2025/11/rondodox-exploits-unpatched-xwiki.html

'Finger' Protocol Abused for Malware Delivery 🕵️
- Threat actors are leveraging the decades-old 'finger' protocol (TCP port 79) to retrieve and execute remote commands on Windows devices in recent ClickFix malware attacks.
- The technique involves piping the output of a 'finger' command (e.g., `finger [email protected][.]org`) directly into `cmd.exe`, causing the retrieved commands to run locally.
- Observed campaigns deliver Python-based infostealers or NetSupport Manager RAT, with some variants including anti-analysis checks for tools like Wireshark and Process Hacker. Defenders should block outgoing traffic to TCP port 79.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/decades-old-finger-protocol-abused-in-clickfix-malware-attacks/

US Cracks Down on North Korean IT Worker Fraud ⚖️
- Five U.S. citizens have pleaded guilty to assisting North Korea's illicit revenue generation by enabling IT worker fraud, impacting over 136 U.S. companies and generating $2.2 million for the DPRK regime.
- The schemes involved using stolen U.S. identities, hosting company laptops in "laptop farms," and facilitating remote access to make it appear workers were in the U.S.
- This legal action, alongside the forfeiture of over $15 million in cryptocurrency stolen by APT38 (BlueNoroff), underscores ongoing efforts to disrupt North Korea's funding for its weapons programmes.

📰 The Hacker News | https://thehackernews.com/2025/11/five-us-citizens-plead-guilty-to.html

#CyberSecurity #ThreatIntelligence #DataBreach #Clop #Ransomware #ZeroDay #Vulnerability #RCE #XWiki #Botnet #DDoS #Malware #FingerProtocol #ClickFix #NorthKorea #DPRK #APT38 #BlueNoroff #Cybercrime #InfoSec #IncidentResponse #PatchManagement