And Transmission64 is live. Head on over to https://t64.to/watch .

#c64 #demoparty #demoscene

Moooooommmmm!!

through the machine-generated metadata and look at the titles of each blog post. For those that are recognized as new (it uses a small ini file for config and caching), then it asks whether to publish to my syndication targets (currently mastodon & bluesky), similar to how `git add -p` would. Simple URL+title as the suggestion but allows to reply with yes/no/edit to improve what is being posted. Source here:

https://github.com/freddyb/homepage/blob/main/rss2posse.py

I wrote some cool scripts that I want to share with the world but I do not want to start being in the business of maintaining another open source project. I guess I will just describe it in my blog and tell the world that it's cool and they can use it?

Anyway, I now have an #indieweb #POSSE python script for my homepage.
Whenever I build my blog, it also generates an XML Atom feed (many static site generators do that). After adding an article and building, I can loop ... 1/2

Handling Cookies is a Minefield:

inconsistencies in the HTTP cookie specification and its implementations have caused a situation where countless websites (including Facebook, Netflix, Okta, WhatsApp, Apple, etc.) are one small mistake away from locking their users out.

https://grayduck.mn/2024/11/21/handling-cookies-is-a-minefield/

David Schinazi mentioned @april's cookie blog post and I'm sorry but I had to do a "I told you so".

On the httpbis list.

https://lists.w3.org/Archives/Public/ietf-http-wg/2024OctDec/0231.html

Code ligatures suck ass.

How to debug Windows service processes in the most old-school possible way...

https://www.hexacorn.com/blog/2024/11/23/how-to-debug-windows-service-processes-in-the-most-old-school-possible-way/

We found our first #Y2K38 bug today, in #Keycloak‘s Client credential rotation feature. https://github.com/keycloak/keycloak/issues/35104

Will probably not be the last one - the runup to 2038 will be interesting.

HOPE XV videos just dropped on YouTube! https://www.youtube.com/channel2600

What's with the "/.js.map" addition to the URI in the first request to a vulnerable server?

Usually PHP installations will be set up with the web server to handle PATH_INFO as passed arguments to a PHP endpoint. For example, a request URI to /target.php/lol.wtf will result in the PHP web server treating "target.php" as the endpoint code to run, and passing "lol.wtf" as a PATH_INFO sent to PHP.

This is all fine and good, EXCEPT for when app authors configure the server to handle endpoints differently depending on what the URI target is. For example, I might say that targets ending in .txt are perfectly safe, so I don't need to do any of that pesky security stuff. So, if I configure my web server to handle requests targeting *.txt to do something, I need to realize that a request for /target.php/lol.txt is NOT a request that is targeting lol.txt. It is targeting target.php, and "lol.txt" is passed to it via PATH_INFO.

What's happening in CVE-2024-0012?
Palo Alto is handling locations that end in .js.map don't need to bother with setting X-pan-AuthCheck header values (no inclusion of proxy_default.conf)

The problem? a request to anything.php/.js.map will match the nginx directive for the location, but at the same time will be sent to anything.php. This isn't the first time such semantic ambiguity leads to vulnerabilities in software. The same technique was used to exploit OwnCloud's CVE-2023-49103:
By requesting "GetPhpInfo.php/.css", an attacker is able to bypass all of the Apache rewrite rules, since the URI ends in .CSS and CSS files are harmless. 😂

Except whoever wrote those rules was apparently unaware of Apache's AcceptPathInfo configuration behavior.

Trellix: When Guardians Become Predators: How Malware Corrupts the Protectors
A malware campaign drops a legitimate Avast Anti-Rootkit driver (BYOVD) to terminate security processes, disable protective software, and seize control of the infected system. Indicators of compromise provided.

#byovd #avast #ioc #threatintel #infosec #cybersecurity #cyberthreatintelligence #cti