"I'm interested in all kinds of astronomy."

Paged Out! is out! Enjoy!
https://pagedout.institute/
And if you like the cover, check out the 8K wallpaper by Mark Graham (downloadable on our website)!

https://bird.makeup/@pagedout_zine/1858799166505234848


Finally got to publish the CVE for a "forever-day" path traversal in the .NET library DotNetZip affecting all releases since 2018. Enjoy, the PoC is in the patch!

https://www.cve.org/CVERecord?id=CVE-2024-48510

I try to reconstruct the design process of PAN-OS web services:
- Let's require authentication on all interfaces, because security!
- ...but we need some stuff to be accessible pre-auth 🤔
- Let's define a skeleton key that can be passed to us by another parser that has 0 concept of what needs to be authenticated!

Am I missing something?

#PaloAlto
@wdormann to paraphrase: good software is expensive, but bad software is even more expensive.
@wdormann And still, companies will continue to pay insane money to buy these boxes of high-end engineering.
[RSS] Pluralistic: Canada's ground-breaking, hamstrung repair and interop laws (15 Nov 2024)

https://pluralistic.net/2024/11/15/radical-extremists/#sex-pest
@gsuberland This perfectly illustrates most days at dev/ops jobs too.

Boost this toot if you're planning on sticking around Mastodon whether or not it's more popular than Bluesky.


If only Sun Microsystems had purchased Apple when it had the chance, we could have had this magnificent device
https://alecmuffett.com/article/110670


Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474 - watchTowr Labs https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/

@hnsec These posts are our go-to sources these days for Montoya dev, thank you!

We’ve just published on the @hnsec blog the seventh article on the creation of extensions for @burp_suite "Extending Burp Suite for fun and profit - The Montoya way", by @apps3c.

Topic: using the in plugins

https://security.humanativaspa.it/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-7/


Extending Burp Suite for fun and profit - The Montoya way - Part 7 (Using the Collaborator) https://security.humanativaspa.it/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-7/

@joxean She clearly wasn't the mastermind behind the heist...
[RSS] Heather 'Razzlekhan' Morgan sentenced to 18 months in prison, ending Bitfinex saga

https://therecord.media/razzlekhan-bitfinex-sentenced-18-months-bitcoin-laundering

The Crocodile of Wall Street spends some time in the sewers... https://www.youtube.com/watch?v=_DIuPPmY9mw

This week my brain is completely stuck on wanting an Alphasmart Neo. Half of my brain knows that buying tech to write a novel with is not actually the same as writing my novel. The other half of my brain... wants the tech. But also, just look at it, isn't it perfect?


@quad @hj tbh if it turned out that Google no longer has a reason to fund Mozilla, making Mozilla even more stagnant, and at the same time the new owner of Chrome tried putting things behind paywalls to squeeze revenue out of Chrome, enshittified it in the process, making people downgrade...

And then both browsers went bankrupt

Like if it turned out endlessly adding new JS APIs wasn't sustainable

I think that would be a pretty good outcome.

[RSS] Salamander/MIME - Just because it's encrypted doesn't mean it's secure | Lutra Security

https://lutrasecurity.com/en/articles/salamander-mime/