#proofofconcept

xoron :verified:

File encryption with a browser.

I've been exploring the #WebCryptoAPI and I'm impressed!

When combined with the #FileSystemAPI, it offers a seemingly secure way to #encrypt and #store files directly on your device. Think #localstorage, but with #encryption!

I know #webapps can have #security vulnerabilities since the code is served over the web, so I've #OpenSourced my demo! You can check it out, and it should even work if #selfhosted on #GitHubPages.

Live Demo: https://dim.positive-intentions.com/?path=/story/usefs--encrypted-demo

Demo Code: https://github.com/positive-intentions/dim/blob/staging/src/stories/05-Hooks-useFS.stories.js

Hook Code: https://github.com/positive-intentions/dim/blob/staging/src/hooks/useFS.js

IMPORTANT NOTES (PLEASE READ!):
 * This is NOT a product. It's for #testing and #demonstration purposes only.
 * It has NOT been reviewed or audited. Do NOT use for sensitive data.
 * The "password encryption" currently uses a hardcoded password. This is for demonstration, not security.
 * This is NOT meant to replace robust solutions like #VeraCrypt. It's just a #proofofconcept to show what's possible with #browser #APIs.

#Encryption #Cryptography #JavaScript #Frontend #Privacy #Security #WebDevelopment #Coding #Developer #Tech #FOSS #OpenSource #GitHub #MastodonDev #Programming #WebStandards #FileSystem #WebAPI #ProofOfConcept

xoron :verified:

React-like functional webcomponents, but with vanilla HTML, JS and CSS

Introducing Dim – a new #Framework that brings #ReactJS-like functional #JSX-syntax with #VanillaJS. Check it out here:
🔗 Project: https://github.com/positive-intentions/dim
🔗 Website: https://dim.positive-intentions.com

My journey with #WebComponents started with Lit, and while I appreciated its native browser support (less #Tooling!), coming from #ReactJS, the class components felt like a step backward. The #FunctionalProgramming approach in React significantly improved my #DeveloperExperience and debugging flow.

So, I set out to build a thin, functional wrapper around #Lit, and Dim is the result! It's a #ProofOfConcept right now, with "main" #Hooks similar to React, plus some custom ones like useStore for #EncryptionAtRest. (Note: #StateManagement for encryption-at-rest is still unstable and currently uses a hardcoded password while I explore #Passwordless options like #WebAuthn/#Passkeys).

You can dive deeper into the #Documentation and see how it works here:
📚 Dim Docs: https://positive-intentions.com/docs/category/dim

This #OpenSource project is still in its early stages and very #Unstable, so expect #BreakingChanges. I've already received valuable #Feedback on some functions regarding #Security, and I'm actively investigating those. I'm genuinely open to all feedback as I continue to develop it!

#FrontendDev #JSFramework #Innovation #Coding #Programmer #Tech

Kevin Karhan :verified:

@mrgrumpymonkey it is.

One can repartition Windows installations on the fly whilst running (and even then there are tools like #Wubi that made it easy to set up #dualboot #Linux & #Windows).

* ISOLINUX does allow for "load image into RAM and boot" setups. I literally use that on @OS1337 because no system that can boot it will have > 16 MB RAM anyway (8 MB is the hard limit for bare linux kernel) so merely making Windows' bootloader to chainload #isolinux to load that image in RAM and yeet it isn't out of the question.

I just have neither a #Windows machine nor time and spoons to make such a tool, much less to basically create even said #ProofOfConcept "#Malware"…

* But thanks to #GoldenKeyBoot, #CensorBoot is unfixably insecure!

Matasoft

🧪 Not sure if AI-powered spreadsheets are right for you? Start with a proof of concept! Download (Un)Perplexed Spready, request a free evaluation period, and test it on your actual data challenges. See the transformation firsthand before committing! 🔍 #ProofOfConcept #TryBeforeBuy https://matasoft.hr/qtrendcontrol/index.php/un-perplexed-spready/un-perplexed-spready-download

Variety

Proof of Concept Filmmakers Debut at L.A. Showcase: ‘These Helmers Can Start Shaping and Remaking the Industry,’ Says Cate Blanchett
#Variety #Events #News #ProofofConcept

https://variety.com/2025/artisans/news/cate-blanchett-proof-of-concept-short-films-la-showcase-1236382766/

Alessandro

I'm moving forward with the immich-fuse project... It works! 🚀

https://alorenzi.eu/2025/04/13/immich-fuse.html?v1

#immich #python #OpenSource #development #POC #ProofOfConcept

Su_G

@futurebird

You've convinced me! Bringing back extinct lichen is a great way to do proof of concept for bringing back extinct organisms, 🙂

#proofOfConcept
#lichen #Extinct

Die Kehrseite - UpSideDown

Never give a small mind power over a large country.

#ProofOfConcept

Kevin Veen-Birkenbach

💡 Today, I built a Proof of Concept: a dynamic cryptocurrency miner! The idea was to use idle hardware resources to mine crypto. 🖥️💰

BUT... after some testing, I realized it's not worth it in Germany due to high energy costs ⚡ and low crypto prices 📉.

Check it out here (but I don’t recommend using it 😉):

https://github.com/kevinveenbirkenbach/dynamic-miner

#CryptoMining #ProofOfConcept #OpenSource #TechExperiments #DynamicMiner #EnergyCosts #CryptoPrices #Germany #ETC #BTC #Bitcoin #Docker #Currency #Crypto

xoron :verified:

https://positive-intentions.com/blog/introducing-decentralized-chat

i'd like to share some details about how my app works so you can discover/give me feedback on my app. i'd like to have wording in my app to say something like "most secure chat app in the world"... i probably can't do that because it doesn't qualify.

i'm not an expert on #cyberSecurity. i'm sure there are many gaps in my knowledge in this domain.

using #javascript, i initially created a fairly basic #chatApp using #peerjs to create #encrypted #webrtc #connections. this was then easily enhanced by exchanging additional #encryption #keys from #cryptography functions built into browsers (#webcrypto api) to add a redundant layer of encryption. a #diffieHelman key #exchange is done over #webrtc (which can be considered #secure when exchanged over public channels) to create #serverless #p2p #authentication.

- i sometimes receive feedback like "javascript is inherently insecure". i disagree with this and have #openedSource my #cryptography module. it's basically a thin wrapper around vanilla cryptography functions of a #browser (webcrypto api).

- another concern for my kind of app (#PWA) is that the developer may introduce malicious code. this is an important point for which i open sourced the project and give instructions for #selfhosting. selfhosting this app has some unique features. unlike many other #selfhosted #projects, this app can be hosted on #githubPages (instructions are provided in the readme). i'm also working towards having better support for running the index.html directly without a static server.

- to prevent things like browser extensions, the app uses strict #CSP headers to prevent #unauthorised code from running. #selfhosting users should take note of this when setting up their own instance.

- i received feedback the #Signal/#Simplex protocol is great. completely understandable and agree, but wonder if i'm reducing the #complexity by working with #webrtc. while it has its many flaws, i think risks can be reasonably mitigated if the #cryptography functions are implemented correctly. (all data out is #encrypted and all data in is #decrypted on-the-fly)

- the key detail that makes this approach unique, is because as a #webapp, unlike other solutions, users have a choice of using any #device/#os/#browser. while a webapp can have nuanced #vulnerabilities, i think by #openSourcing and providing instructions for #selfhosting and instructions to #build for various #platforms, it can provide a reasonable level of #security.

i think if i stick to the principle of avoiding using any kind of "required" service provider (myself included) and allowing the #frontend and the peerjs-server to be #hosted #independently, i'm on track for creating a #chatSystem with the "fewest moving parts". i hope you will agree this is true #p2p and i hope i can use this as a step towards true #privacy and #security. #security might be further improved by using a trusted #VPN.

while there are several similar apps out there like mine, i think mine is distinctly a different approach, so it's hard to find #bestPractices for the functionalities i want to achieve. in particular #security practices to use when using #p2p technology.

(note: this app is an #unstable, #experiment, #proofOfConcept and not ready to replace any other app or service. It's far from finished and provided for #testing and #demo purposes only. This post is to get #feedback on the progress to determine if i'm going in the right direction for a secure chat app)

Tino Eberl<p><a href="https://mastodon.online/tags/KINews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KINews</span></a></p><p><a href="https://mastodon.online/tags/Gartner" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Gartner</span></a> predicts that 30% of generative <a href="https://mastodon.online/tags/KIProjekte" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AIProjects</span></a> will be abandoned after the <a href="https://mastodon.online/tags/ProofofConcept" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ProofofConcept</span></a> (PoC). But that is not necessarily bad: a <a href="https://mastodon.online/tags/PoC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PoC</span></a> lets companies assess <a href="https://mastodon.online/tags/Risiken" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Risks</span></a> and <a href="https://mastodon.online/tags/Machbarkeit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Feasibility</span></a> early, save <a href="https://mastodon.online/tags/Kosten" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Costs</span></a> and gain valuable experience. This way, inefficient projects can be stopped before they become more expensive. Bottom line: trying things out is worthwhile, and abandoning a project is sometimes the better path. 
</p><p><a href="https://mastodon.online/tags/KI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KI</span></a> <a href="https://mastodon.online/tags/Projektmanagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Projektmanagement</span></a></p><p><a href="https://tino-eberl.de/ki-news/gartner-30-der-ki-projekte-werden-nach-poc-abgebrochen-ja-gut-so/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">tino-eberl.de/ki-news/gartner-</span><span class="invisible">30-der-ki-projekte-werden-nach-poc-abgebrochen-ja-gut-so/</span></a></p>
scops<p><span class="h-card" translate="no"><a href="https://social.panic.com/@panic" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>panic</span></a></span> <a href="https://social.tchncs.de/tags/Audion" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Audion</span></a> (Viewer) as <a href="https://social.tchncs.de/tags/AppleMusic" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AppleMusic</span></a> controller is just awesome!</p><p>There is a GitHub repo with some basic changes needed to make it work: <a href="https://github.com/zydeco/audion/tree/applescript" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/zydeco/audion/tree/</span><span class="invisible">applescript</span></a></p><p>I built myself a version based on the latest sources (<a href="https://gitlab.com/panicinc/audion" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gitlab.com/panicinc/audion</span><span class="invisible"></span></a>).</p><p>Sadly there are a few bugs. 
For example:<br>- The scrolling song title breaks out<br>- The interface settings dialog doesn’t work - it’s just a placeholder</p><p><a href="https://social.tchncs.de/tags/mp3player" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mp3player</span></a> <a href="https://social.tchncs.de/tags/musicplayer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>musicplayer</span></a> <a href="https://social.tchncs.de/tags/proofofconcept" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>proofofconcept</span></a> <a href="https://social.tchncs.de/tags/retro" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>retro</span></a> <a href="https://social.tchncs.de/tags/retrocomputing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>retrocomputing</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://tilde.zone/@lunch" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>lunch</span></a></span> So you just admitted that you vomited <a href="https://infosec.space/tags/FUD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FUD</span></a> into my mentions without evidence?</p><p>If you're so smart, then why don't you sell your <a href="https://infosec.space/tags/exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exploit</span></a> / <a href="https://infosec.space/tags/ProofOfConcept" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ProofOfConcept</span></a> / <a href="https://infosec.space/tags/Whitepaper" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Whitepaper</span></a> to the highest bidder?</p><ul><li>I'm sure <a href="https://infosec.space/tags/Zerodium" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Zerodium</span></a> and all the LEAs would try to outbid each other...</li></ul><p>Alas, your messages are just hot air, and not substantiated by anything...</p><p>At best your info is <a href="https://www.youtube.com/watch?v=-3BF_mE2e6M" rel="nofollow noopener" target="_blank">2+ years outdated</a>...</p>
Susan Larson ♀️🏳️‍🌈🏳️‍⚧️🌈<p><a href="https://mastodon.online/tags/CateBlanchett" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CateBlanchett</span></a> Is <a href="https://mastodon.online/tags/Pushing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pushing</span></a> for More <a href="https://mastodon.online/tags/Funding" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Funding</span></a> for <a href="https://mastodon.online/tags/Women" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Women</span></a> and <a href="https://mastodon.online/tags/LGBTQ" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LGBTQ</span></a> <a href="https://mastodon.online/tags/Filmmakers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Filmmakers</span></a>, but She Wants to Know Why Nobody Asks <a href="https://mastodon.online/tags/Men" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Men</span></a> How to Fix It</p><p>The <a href="https://mastodon.online/tags/Oscar" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Oscar</span></a>-<a href="https://mastodon.online/tags/winning" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>winning</span></a> <a href="https://mastodon.online/tags/actor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>actor</span></a> was joined at <a href="https://mastodon.online/tags/Cannes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cannes</span></a> by her <a href="https://mastodon.online/tags/ProofofConcept" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ProofofConcept</span></a> <a href="https://mastodon.online/tags/cofounders" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cofounders</span></a> <a href="https://mastodon.online/tags/CocoFrancini" class="mention 
hashtag" rel="nofollow noopener" target="_blank">#<span>CocoFrancini</span></a> and Dr. <a href="https://mastodon.online/tags/StacySmith" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>StacySmith</span></a> </p><p><a href="https://mastodon.online/tags/Women" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Women</span></a> <a href="https://mastodon.online/tags/Transgender" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Transgender</span></a> <a href="https://mastodon.online/tags/LGBTQ" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LGBTQ</span></a> <a href="https://mastodon.online/tags/LGBTQIA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LGBTQIA</span></a> <a href="https://mastodon.online/tags/Entertainment" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Entertainment</span></a> <a href="https://mastodon.online/tags/Movies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Movies</span></a> <a href="https://mastodon.online/tags/Representation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Representation</span></a> <a href="https://mastodon.online/tags/Culture" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Culture</span></a> </p><p><a href="https://variety.com/2024/film/markets-festivals/cate-blanchett-women-lgbtq-filmmakers-proof-of-concept-cannes-1236010112/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">variety.com/2024/film/markets-</span><span class="invisible">festivals/cate-blanchett-women-lgbtq-filmmakers-proof-of-concept-cannes-1236010112/</span></a></p>
Not Simon<p><strong>Palo Alto Networks</strong> released additional details about CVE-2024-3400: the fact that it is a combination of two bugs in PAN-OS; how an attacker was exploiting it; how disabling telemetry initially worked; and how they fixed it. The timeline from discovery to remediation encompasses the whole blog post. Overall a comprehensive after-action review from a company that notified the public almost immediately of an exploited zero-day. 🔗<a href="https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">paloaltonetworks.com/blog/2024</span><span class="invisible">/04/more-on-the-pan-os-cve/</span></a></p><p><a href="https://infosec.exchange/tags/CVE_2024_3400" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE_2024_3400</span></a> <a href="https://infosec.exchange/tags/PaloAltoNetworks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PaloAltoNetworks</span></a> <a href="https://infosec.exchange/tags/zeroday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>zeroday</span></a> <a href="https://infosec.exchange/tags/activeexploitation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>activeexploitation</span></a> <a href="https://infosec.exchange/tags/eitw" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eitw</span></a> <a href="https://infosec.exchange/tags/kev" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>kev</span></a> <a href="https://infosec.exchange/tags/KnownExploitedVulnerabilitiesCatalog" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KnownExploitedVulnerabilitiesCatalog</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a> <a 
href="https://infosec.exchange/tags/ProofofConcept" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ProofofConcept</span></a> <a href="https://infosec.exchange/tags/PANOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PANOS</span></a> <a href="https://infosec.exchange/tags/IOC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IOC</span></a></p>
Not Simon<p><strong>Zscaler</strong> observed exploitation of the Palo Alto Networks PAN-OS command injection zero-day vulnerability CVE-2024-3400 following the release of the PoC exploit code. Zscaler provides an attack flow diagram, and a technical analysis of the Upstyle backdoor and its layers. IOC provided. 🔗 <a href="https://www.zscaler.com/blogs/security-research/look-cve-2024-3400-activity-and-upstyle-backdoor-technical-analysis" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">zscaler.com/blogs/security-res</span><span class="invisible">earch/look-cve-2024-3400-activity-and-upstyle-backdoor-technical-analysis</span></a></p><p><a href="https://infosec.exchange/tags/CVE_2024_3400" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE_2024_3400</span></a> <a href="https://infosec.exchange/tags/PaloAltoNetworks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PaloAltoNetworks</span></a> <a href="https://infosec.exchange/tags/zeroday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>zeroday</span></a> <a href="https://infosec.exchange/tags/activeexploitation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>activeexploitation</span></a> <a href="https://infosec.exchange/tags/eitw" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eitw</span></a> <a href="https://infosec.exchange/tags/kev" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>kev</span></a> <a href="https://infosec.exchange/tags/KnownExploitedVulnerabilitiesCatalog" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KnownExploitedVulnerabilitiesCatalog</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/ProofofConcept" class="mention 
hashtag" rel="nofollow noopener" target="_blank">#<span>ProofofConcept</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/IOC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IOC</span></a></p>
Not Simon<p><strong>Cisco</strong> released 3 security advisories:</p><ul><li><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-bLuPcb" rel="nofollow noopener" target="_blank">CVE-2024-20356</a> (8.7 high) Cisco Integrated Management Controller Web-Based Management Interface Command Injection Vulnerability</li><li><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uwBXfqww" rel="nofollow noopener" target="_blank">CVE-2024-20373</a> (5.3 medium) Cisco IOS and IOS XE Software SNMP Extended Named Access Control List Bypass Vulnerability</li><li><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-mUx4c5AJ" rel="nofollow noopener" target="_blank">CVE-2024-20295</a> (8.8 high) Cisco Integrated Management Controller CLI Command Injection Vulnerability</li></ul><p>Please note that a proof of concept was publicly disclosed for CVE-2024-20295 before it was patched, making this a zero-day. The Cisco PSIRT is not aware of any malicious use of the vulnerabilities that were described in these advisories. 
But don't take my word for it, go check them out yourself.</p><p><a href="https://infosec.exchange/tags/Cisco" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cisco</span></a> <a href="https://infosec.exchange/tags/PatchTuesday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PatchTuesday</span></a> <a href="https://infosec.exchange/tags/zeroday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>zeroday</span></a> <a href="https://infosec.exchange/tags/proofofconcept" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>proofofconcept</span></a> <a href="https://infosec.exchange/tags/CVE_2024_20356" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE_2024_20356</span></a> <a href="https://infosec.exchange/tags/CVE_2024_20373" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE_2024_20373</span></a> <a href="https://infosec.exchange/tags/CVE_2024_20295" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE_2024_20295</span></a></p>
Not Simon<p><strong>Cisco</strong> zero-day (PoC publicly disclosed): Cisco Integrated Management Controller CLI Command Injection Vulnerability CVE-2024-20295 (8.8 high) 🔗 <a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-mUx4c5AJ" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">sec.cloudapps.cisco.com/securi</span><span class="invisible">ty/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-mUx4c5AJ</span></a></p><blockquote><p>A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device.</p><p>This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. 
A successful exploit could allow the attacker to elevate privileges to root.</p><p><strong>The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability that is described in this advisory.</strong></p></blockquote><p><a href="https://infosec.exchange/tags/zeroday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>zeroday</span></a> <a href="https://infosec.exchange/tags/proofofconcept" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>proofofconcept</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/Cisco" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cisco</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/CVE_2024_20295" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE_2024_20295</span></a></p>
Not Simon<p><strong>TrustedSec</strong> CTO Justin Elze shared CVE-2024-3400 exploit in the wild on Twitter yesterday, reports that <code>149.28.194.95</code> was attempting to exploit CVE-2024-3400 </p><p><a href="https://infosec.exchange/tags/CVE_2024_3400" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE_2024_3400</span></a> <a href="https://infosec.exchange/tags/PaloAltoNetworks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PaloAltoNetworks</span></a> <a href="https://infosec.exchange/tags/zeroday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>zeroday</span></a> <a href="https://infosec.exchange/tags/activeexploitation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>activeexploitation</span></a> <a href="https://infosec.exchange/tags/eitw" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eitw</span></a> <a href="https://infosec.exchange/tags/kev" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>kev</span></a> <a href="https://infosec.exchange/tags/KnownExploitedVulnerabilitiesCatalog" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KnownExploitedVulnerabilitiesCatalog</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/ProofofConcept" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ProofofConcept</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/IOC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IOC</span></a></p>
Not Simon<p>In case you missed it, <strong>Palo Alto Networks</strong> updated their security advisory in terms of product and mitigation guidance, exploit status, and PAN-OS fix availability: 🔗 <a href="https://security.paloaltonetworks.com/CVE-2024-3400" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">security.paloaltonetworks.com/</span><span class="invisible">CVE-2024-3400</span></a></p><ul><li><strong>Exploitation status:</strong> Proof of concepts for this vulnerability have been publicly disclosed by third parties.</li><li><strong>Workarounds and mitigations:</strong> In earlier versions of this advisory, disabling device telemetry was listed as a secondary mitigation action. Disabling device telemetry is no longer an effective mitigation. Device telemetry does not need to be enabled for PAN-OS firewalls to be exposed to attacks related to this vulnerability.</li><li><strong>Solution:</strong><ul><li>- 10.2.6-h3 (Released 4/16/24)</li><li>- 11.0.3-h10 (Released 4/16/24)</li><li>- 11.0.2-h4 (Released 4/16/24)</li><li>- 11.1.0-h3 (Released 4/16/24)</li></ul></li></ul><p><a href="https://infosec.exchange/tags/CVE_2024_3400" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE_2024_3400</span></a> <a href="https://infosec.exchange/tags/PaloAltoNetworks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PaloAltoNetworks</span></a> <a href="https://infosec.exchange/tags/zeroday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>zeroday</span></a> <a href="https://infosec.exchange/tags/activeexploitation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>activeexploitation</span></a> <a href="https://infosec.exchange/tags/eitw" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eitw</span></a> <a href="https://infosec.exchange/tags/kev" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>kev</span></a> <a href="https://infosec.exchange/tags/KnownExploitedVulnerabilitiesCatalog" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KnownExploitedVulnerabilitiesCatalog</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/ProofofConcept" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ProofofConcept</span></a></p>