Char

@Char@noc.social
Engineer interested in cyber security, cloud and other technologies.
Gitlab: https://gitlab.com/Hack_Char
Blog: https://hack-char.dev
If you’re wondering why half the internet broke tonight for a short period, TCS accidentally hijacked Cloudflare. HT @ssamulczyk

Don't tie your identity to your job. Jobs are temporary, often ending unpredictably. When your identity is your work, your mental health is impacted horribly when your job security is at risk or you get let go.

I've seen multiple folks in cyber suffer from this, some barely surviving the ordeal.

Are you ready? DEF CON 33 Workshop registration goes live at noon PDT tomorrow, July 15!

The full workshop lineup and HumaniTix links are available on the website (https://defcon.org/html/defcon-33/dc-33-workshops.html) and on Hacker Tracker.

Godspeed and good luck to all of you!

#defcon #workshops #registration #quickdraw #defcon33

General reminder:

The domain name putty.org is *NOT* run by the #PuTTY developers. It is run by somebody not associated with us, who uses the domain to interpose advertising for their unrelated commercial products. We do not endorse those products in any way, and we have never given any kind of agreement for PuTTY's name to be used in promoting them.

Please do not perpetuate the claim that putty.org is the PuTTY website. If anyone is linking to it on that basis, please change the link. The PuTTY website is https://www.chiark.greenend.org.uk/~sgtatham/putty/ and it always has been.

You can check this by downloading the source code, which cites that URL in many places (the README, the documentation, some strings in the actual code), or by using the "Visit Web Site" menu options in the official Windows binaries (the ones signed with my personal Authenticode certificate). The true PuTTY website is the one that PuTTY itself says it is.

Many search engines list putty.org above chiark. I don't know if this is due to active SEO on the part of the domain owner, or a heuristic in the rankings. Either way, don't believe them. It's not our site.

PuTTY: a free SSH and Telnet client

if anybody knows anybody at the UN Umoja (the UN's shared services), get them to patch these boxes for CitrixBleed2 and reset all sessions (including AAA) - there's somebody from Chinese state logged into them going brrr for the past three weeks.

Everyone panic it's a ../ in tar! 😉

https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md

GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of "Member name contains '..'" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain "x -> ../../../../../home/victim/.ssh" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal.
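A defender-side pre-extraction check for the two-step case described above, added here as an example (it is not from the original post, the linked write-up or GNU tar): it resolves each member's destination against what is already on disk, so a symlink left by an earlier archive is caught even though the second member name contains no `..`. The names `make_tar`, `escaping_members` and `demo` and the directory names are assumptions, and the archives are constructed samples that point at a scratch directory.

```python
import io
import os
import tarfile
import tempfile


def make_tar(name, linkname=None, data=b""):
    """Build a one-member in-memory archive (constructed sample input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        info = tarfile.TarInfo(name)
        if linkname is not None:
            info.type, info.linkname = tarfile.SYMTYPE, linkname
        info.size = len(data)
        tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def escaping_members(archive_bytes, dest):
    """Names of members that would land, or point, outside dest given what is on disk now."""
    root = os.path.realpath(dest)
    def inside(path):
        return os.path.commonpath([root, os.path.realpath(path)]) == root
    flagged = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes)) as tf:
        for m in tf.getmembers():
            path = os.path.join(root, m.name)
            # realpath() follows symlinks already present under dest, including
            # ones left behind by an archive that was extracted earlier.
            if not inside(path):
                flagged.append(m.name)
            elif m.issym() and not inside(os.path.join(os.path.dirname(path), m.linkname)):
                flagged.append(m.name)
    return flagged


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "extract")
        os.mkdir(dest)
        os.mkdir(os.path.join(tmp, "outside"))
        first = make_tar("x", linkname="../outside")
        second = make_tar("x/authorized_keys", data=b"constructed placeholder")
        link_flagged = escaping_members(first, dest)   # symlink target leaves dest
        before = escaping_members(second, dest)        # clean dest: nothing to flag
        os.symlink("../outside", os.path.join(dest, "x"))  # state after extracting `first`
        after = escaping_members(second, dest)         # same archive, now escapes
        return link_flagged, before, after
```

Rejecting the symlink member in the first archive, or extracting every upload into a fresh empty directory, removes the state the second step depends on.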

17 and two 19 year old teens picked up over Co-op and M&S hacks, and a 20 year old woman.

Pretend to be surprised.

https://www.bbc.com/news/articles/cwykgrv374eo

Four arrested in connection with M&S and Co-op cyber attacks

Three men and one woman - aged between 17 and 20 - have been arrested in London and the Midlands.

The advanced persistent teenager trend continues

https://cyberplace.social/@GossiTheDog/114828655814248826


NO AI!

DRAW!

Stickers by Anthony Ho

#ai #drawing #art #miyazaki #stickers

hxxps://www.instagram.com/p/DLkcvFGKKID/

14-hour+ global blackout at Ingram Micro halts customer orders

Exclusive: Fears mount while distie remains silent and phone lines down

The Register