Gitlab | https://gitlab.com/Hack_Char |
Blog | https://hack-char.dev |
Don't tie your identity to your job. Jobs are temporary, often ending unpredictably. When your identity is your work, your mental health is impacted horribly when your job security is at risk or you get let go.
I've seen multiple folks in cyber suffer from this, some barely surviving the ordeal.
Are you ready? DEF CON 33 Workshop registration goes live at noon PDT tomorrow, July 15!
The full workshop lineup and HumaniTix links are available on the website (https://defcon.org/html/defcon-33/dc-33-workshops.html) and on Hacker Tracker.
Godspeed and good luck to all of you!
General reminder:
The domain name putty.org is *NOT* run by the #PuTTY developers. It is run by somebody not associated with us, who uses the domain to interpose advertising for their unrelated commercial products. We do not endorse those products in any way, and we have never given any kind of agreement for PuTTY's name to be used in promoting them.
Please do not perpetuate the claim that putty.org is the PuTTY website. If anyone is linking to it on that basis, please change the link. The PuTTY website is https://www.chiark.greenend.org.uk/~sgtatham/putty/ and it always has been.
You can check this by downloading the source code, which cites that URL in many places (the README, the documentation, some strings in the actual code), or by using the "Visit Web Site" menu options in the official Windows binaries (the ones signed with my personal Authenticode certificate). The true PuTTY website is the one that PuTTY itself says it is.
Many search engines list putty.org above chiark. I don't know if this is due to active SEO on the part of the domain owner, or a heuristic in the rankings. Either way, don't believe them. It's not our site.
Everyone panic it's a ../ in tar! 😉
https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md
GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of "Member name contains '..'" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain "x -> ../../../../../home/victim/.ssh" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal.
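A pre-extraction check for the two-step case described above, as an added example that is not part of the original post or of GNU tar. It lists archive members before anything is written and flags both link entries that point outside the destination and member paths that pass through a symlink already on disk; `unsafe_members`, `make_tar`, `demo` and the sample member names are hypothetical and the archives are constructed in memory.

```python
import io, os, tarfile, tempfile

def _inside(root, path):
    """True if path, after resolving on-disk symlinks, stays under root."""
    root = os.path.realpath(root)
    return os.path.commonpath([root, os.path.realpath(path)]) == root

def unsafe_members(fileobj, dest):
    """Return [(name, reason)] for entries that must not be extracted into dest."""
    findings = []
    with tarfile.open(fileobj=fileobj) as tar:
        for m in tar:
            target = os.path.join(dest, m.name)
            # Second step: name has no '..', but a component is already a
            # symlink on disk, left behind by an earlier archive.
            if not _inside(dest, target):
                findings.append((m.name, "path resolves outside destination"))
            # First step: a link entry whose own target leaves dest.
            elif m.issym() or m.islnk():
                base = os.path.dirname(target) if m.issym() else dest
                if not _inside(dest, os.path.join(base, m.linkname)):
                    findings.append((m.name, "link target outside destination"))
    return findings

def make_tar(entries):
    """Constructed sample input: in-memory tar from (name, symlink_target|None)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, link in entries:
            info = tarfile.TarInfo(name)
            if link is not None:
                info.type, info.linkname = tarfile.SYMTYPE, link
            tar.addfile(info)
    buf.seek(0)
    return buf

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "extract")
        os.mkdir(dest)
        first = unsafe_members(make_tar([("x", "../outside")]), dest)
        # Simulate the state an unchecked first extraction would leave.
        os.symlink("../outside", os.path.join(dest, "x"))
        second = unsafe_members(make_tar([("x/authorized_keys", None)]), dest)
        benign = unsafe_members(make_tar([("docs/a.txt", None), ("cur", "docs")]), dest)
        return first, second, benign

if __name__ == "__main__":
    print(demo())
```

A service that extracts several user-supplied archives into one directory would run the check against the destination's current state before each extraction, or give every archive its own empty destination so no earlier symlink can be reused.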
17 and two 19 year old teens picked up over Co-op and M&S hacks, and a 20 year old woman.
Pretend to be surprised.
The advanced persistent teenager trend continues