Wir lassen das einfach mal kommentarlos so stehen.

https://www.golem.de/news/modern-solution-it-experte-wegen-nutzung-einer-zugriffssoftware-verurteilt-2401-181296.html

https://www.postfix.org/smtp-smuggling.html

"SMTP Smuggling" vulnerability in Postfix allows to spoof senders even in the presence of some DMARC checks. Configuration workarounds exist.

Also, a wholehearted f* you to SEC Consult, who sat on this since June and disclosed it to some closed-source vendors and MSPs, but could apparently not be bothered to give e.g. Postfix a heads-up, publishing this close to the holidays.

Boosts for awareness welcome.

Edit: So this has kinda blown up. and especially because the author of the SEC advisory is going to have a slot at 37C3, I would like to add something important: I intentionally wrote "SEC Consult" above, not "$individual". Do not start harassing that person. For all we know, this is a corporate failure and the individual would actually appreciate guidance and tips. That does not mean to not ask the hard questions, but keep the framing in mind. They might genuinely have been told by their managers that that is how responsible disclosure works.

Hi Leute!
Schon seit vielen Jahren spielen wir P&P und wir haben den Podcast #Questcast aufgebaut um andere Menschen ins Hobby zu bringen.
Wie spielen zusammen in wechselnder Besetzung Cthulhu, DSA, Starfinder, D&D...
Und ganz wichtig dabei? Spaß für Spieler*innen und Zuhörer*innen!

Falls ihr reinhören mögt
Spotify: https://open.spotify.com/show/00r8yqETN7HimLCWbl6MqG?si=17979c8c5d5d451b
Blog/: https://questcast.de/
Discord: https://discord.gg/hZz7uP9f3V

(Neue Folge Cthulhu TANZFLEISCH frisch hochgeladen!)
Sharing is caring  <3
#pnpde

Security analysis and vulnerabilities of TETRA (Terrestrial Trunked Radio)
Great research work by Carlo Meijer, Wouter Bokslag and Jos Wetzels

Paper: https://uploads-ssl.webflow.com/64a2900ed5e9bb672af9b2ed/64d42fcc2e3fdcf3d323f3d9_All_cops_are_broadcasting_TETRA_under_scrutiny.pdf

Slides: https://uploads-ssl.webflow.com/64a2900ed5e9bb672af9b2ed/64d430f4e17d98ba0e38996a_Presentations%20-%20US-23-Meijer-All-Cops-Are-Broadcasting.pdf

Repo: https://github.com/MidnightBlueLabs/TETRA_crypto

#tetra #wireless #infosec

guide to choosing a programming language, variation on a meme

javascript: you just want to get shit done in a browser

php: you just want to get shit done on a web server

python: you don't care how long it takes to run

c: you care how long it takes to run but refuse to learn how C++ exceptions work

java: my condolences but at least you're getting paid

bash: you just want to get shit done

perl: you last wanted to get shit done in 2002

rust: you are very tired of C++ exploding in your face

c++: you spent ten years learning how exceptions work and are not giving up now just because it explodes in your face

pascal: you are enjoying your classic Mac hobby

excel: the entire company gets shit done with this one spreadsheet