leE Brotherston

453 Followers
651 Following
171 Posts

Just open sourced the new https://MadeInCanada.social website, feel free to send pull requests to add new platforms, I am working on a new section for Canadian servers (like mstdn.ca, lemmy.ca, pixelfed.ca) and more!

https://codeberg.org/MadeInCanada/website

Made in Canada - Canadian Social Media Alternatives

Discover Canadian-made social media alternatives like Pixelfed and Loops. Privacy-focused, open-source platforms built by Canadians who prioritize community over profit.

Made in Canada.social

Fun Ticketmaster design flaw: if you change your email address, it locks out your current one before you’ve verified the new one.

So if you typo the address or something, you can’t verify it, and so cannot log in with either, switch back to the old address, or fix the typo in the new one. Win!
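The safe version of that flow, as an added example (not Ticketmaster's code; the Account class, its field names and the token handling are assumptions): the current address stays the only login identity until the new one is verified, and a repeated request replaces the pending address so a typo can be corrected from the still-working session.

```python
# Added example: an email-change flow that cannot strand the account.
# Not Ticketmaster's code; the Account class and its fields are assumptions.
import secrets
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Account:
    email: Optional[str]                    # the only address that can log in
    pending_email: Optional[str] = None     # candidate address, not yet verified
    pending_token: Optional[str] = None     # single-use token mailed to pending_email
    log: List[Tuple[str, ...]] = field(default_factory=list)  # constructed audit trail

    def request_email_change(self, new_email: str) -> str:
        """Stage a new address. The current address keeps working until the
        new one is verified, and a repeated request simply replaces the
        pending address, so a typo never locks the user out."""
        self.pending_email = new_email
        self.pending_token = secrets.token_urlsafe(32)
        self.log.append(("requested", new_email))
        return self.pending_token          # in practice: send by mail, never return

    def can_log_in(self, email: str) -> bool:
        # Only the verified address authenticates; a pending one never does.
        return email == self.email

    def verify_email_change(self, token: str) -> bool:
        """Swap addresses only on a matching, still-current token."""
        if self.pending_token is None or not secrets.compare_digest(token, self.pending_token):
            return False
        old, self.email = self.email, self.pending_email
        self.pending_email = self.pending_token = None
        self.log.append(("verified", old, self.email))   # also notify `old` in real systems
        return True

    def cancel_email_change(self) -> None:
        """Let the user abandon a pending change from their still-valid session."""
        self.pending_email = self.pending_token = None


def flawed_change_email(acct: Account, new_email: str) -> str:
    """The behaviour the post describes: the old address is locked out before
    the new one is verified, so a typo leaves no address that can log in."""
    acct.email = None                      # old address stops working immediately
    acct.pending_email = new_email
    acct.pending_token = secrets.token_urlsafe(32)
    return acct.pending_token
```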

Vulnerabilities in telnetd. Why wasn’t this released by gobbles as a post to bugtraq?!

So, federalreserve.gov doesn't even have its cloudflare configured properly. So that's a good sign to start with :)

$ badflare -h federalreserve.gov
'federalreserve.gov' has IP(s) which are part of the Cloudflare network
Found "real" (non-Cloudflare) host: 63.71.14.191
Found "real" (non-Cloudflare) host: 132.200.132.69
Found "real" (non-Cloudflare) host: 132.200.132.70
Found "real" (non-Cloudflare) host: 132.200.132.75
Found "real" (non-Cloudflare) host: 132.200.132.76

They only mention C/C++ & Rust in the post (I think), but unless I've missed something anything that can cross compile to WASM (e.g. golang) can be used too.... So that's cool: https://toot.yosh.is/@yosh/112416059107592804
yosh (@[email protected])

Yesssssss!!!! It’s now possible to write VS Code extensions using WASI 0.2 and Wasm Components! https://code.visualstudio.com/blogs/2024/05/08/wasm It doesn’t yet eliminate the need for TypeScript in extensions, but it certainly provides a more compelling experience than managing sub-processes and bespoke RPC calls - as is common in extensions using languages other than JS/TS.

Mastodon

So... the postgres client library (and hence a number of 3rd party clients) dies with a double free malloc omg wtf bbq, if you try to connect to postgres over TLS with OpenSSL 3.2.0.

So that's nice.

Congrats to Oracle/Zoom for sending an email, and a site it links to, that are so badly constructed that I spent time trying to work out where the phish happens or malware is dropped.

So what do we think? Like Shell Shock all over again, where people start discovering all the shell scripts they have that use curl and they didn't realize?

https://mastodon.social/@bagder/111167662713737288

When you go to the effort of installing signal to do crimes, but don't turn on expiring messages

https://arstechnica.com/tech-policy/2023/09/sec-obtains-wall-street-firms-private-chats-in-probe-of-whatsapp-signal-use/

SEC obtains Wall Street firms’ private chats in probe of WhatsApp, Signal use

Execs' "messages discussing business have been handed to the SEC," report says.

Ars Technica

Here in Canada we have another breach (https://www.bornincident.ca/) which is a result of the moveit breach (https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-CVE-2023-35036-June-9-2023).

Looking at the moveit response, it reads like their fix for a server side SQL injection vulnerability is to update the clients. Hopefully I'm missing something and they didn't just add client-side filters to mitigate a server issue 😳

MOVEit Cybersecurity Incident

BORN Ontario was impacted by a cybersecurity breach caused by a vulnerability in our file transfer software, Progress MOVEit. 

BORN Incident