Software engineer learning new things every day.

Interested in #cybersecurity, #privacy, #go, #linux, #selfhost

website: https://gyorban.net
codeberg: https://codeberg.org/gyorb
github: https://github.com/gyorb
To celebrate the failure of Hungarian Railways (MÁV) to properly switch to DST, here's the famous list of

Falsehoods Programmers Believe About Time

https://gist.github.com/timvisee/fcda9bbdff88d45cc9061606b4b923ca
Falsehoods programmers believe about time, in a single list

Falsehoods programmers believe about time, in a single list - falsehoods-programming-time-list.md

Gist
🚨 Warning: New FAKE website offering FAKE KeePassXC downloads! Do not fall for it. The correct domain is https://keepassxc.org without hyphens!

IT'S HAPPENING.

#BSidesLjubljana 0x7EA is LIVE.

Ljubljana, let's go. 🔥

#BSidesLjubljana #InfoSec #Cybersecurity

did you know that SSH has a little-known secret menu?

i wrote a post about this on cohost a while back, but since that site shut down i'm posting it here too

Without an `exp` claim, a JWT can remain valid forever, turning a leaked token into permanent access.

https://securinglaravel.com/security-tip-your-jwt-might-be-a-forever-key/ #Laravel

Security Tip: Your JWT Might Be a Forever Key!

[Tip #127] Without an `exp` claim, a JWT can remain valid forever, turning a leaked token into permanent access.

Securing Laravel

Cybersecurity blog posts, writeups, papers, and tools

https://github.com/0xor0ne/awesome-list

#infosec

Today's sysadmin discovery:

So, for all that I like Debian, one big sticking point I've had with it is that when you install a package which contains a system service, even if it was pulled in as a dependency of something else, that service gets auto-enabled, with a default configuration.

That has always felt like bad security practice to me, as it means any update can suddenly expose new services to the outside world without warning. It's also subtly broken my setup on at least two different occasions.

Fortunately, there is a way to change the default policy, so that new services only get enabled when you tell them to be:

https://manpages.debian.org/trixie/systemd/systemd.preset.5.en.html (example 1)

Definitely going to put that in my ansible configs!

systemd.preset(5) — systemd — Debian trixie — Debian Manpages

This post describes how to execute code on every Pod in many Kubernetes clusters when using a service account with nodes/proxy GET permissions

https://grahamhelton.com/blog/nodes-proxy-rce

#infosec #cybersecurity #redteam #pentest

Kubernetes Remote Code Execution Via Nodes/Proxy GET Permission

An authorization bypass in Kubernetes RBAC allows for nodes/proxy GET permissions to execute commands in any Pod in the cluster.

Graham Helton

Huge news for container users! Docker Hardened Images (DHI) are now FREE! Enhanced security for Alpine, Debian, & 1000+ images. Docker handles base image CVEs & boosts supply chain trust. #selfhost #homelab

More Info: https://www.docker.com/blog/hardened-images-free-now-what/

They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.

This CVE is an 8.8 severity RCE in Notepad of all things lmao.

Apparently, the "innovation" of adding markdown support came with the ability to launch unverified protocols that load and execute remote files.

We have reached a point where the simple act of opening a .md file in a native utility can compromise your system. Is nothing safe anymore? 😭

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841

#noai #microslop #microsoft #windows #programming #writing #windows11 #enshittification #cybersecurity #infosec #technology