
vulnerability

Hunting ThunderShell C2
Charles' ThunderShell was found to be vulnerable to several flaws
vulnerability  powershell  rat  redteam  drama 
6 days ago by plaxx
Snyk
Snyk helps you use open source and stay secure.
Continuously find & fix vulnerabilities in your dependencies
nodejs  tools  javascript  js  security  dependency  vulnerability  ci 
7 days ago by wjy
KRACK Attacks: Breaking WPA2
The KRACK site, about attacks targeting a vulnerability in WPA2.
network  security  vulnerability 
11 days ago by summerwind
Jay-Z Discusses Rap, Marriage and Being a Black Man in Trump’s America - The New York Times
The strongest thing a man can do is cry. To expose your feelings, to be vulnerable in front of the world. That’s real strength. You know, you feel like you gotta be this guarded person. That’s not real. It’s fake.
masculinity  vulnerability  jay-z 
14 days ago by lwhlihu
Objective-See
First, let's look at what's happening at a high level. When a user (or attacker) attempts to log into an account that is not currently enabled (i.e. root), the system will create that account with whatever password the user specifies...even if that password is blank. This is why to perform this attack via the UI, you have to click on 'Unlock' twice
security  decompiling  analysis  reverseengineering  vulnerability  macos 
18 days ago by dlkinney
macOS High Sierra 'root' security bug: Stop and do this NOW • iMore
Rene Ritchie:
This is a zero-day exploit. Lemi Orhan Ergin tweeted to Apple's support account that he had discovered a way to log into a Mac running High Sierra by using the superuser "root" and then clicking the login button repeatedly. (Macs running Sierra or earlier versions of the OS are not affected.)

Ergin should absolutely have disclosed this to Apple and given the company a chance to patch it before it went public, and Apple should never have allowed the bug to ship, but none of that matters right now.

Here's what's important: The "root" account allows super-user access to your system. It's supposed to be disabled by default on macOS. For whatever reason, it's not on High Sierra. Instead, "root" is enabled and currently allows access to anyone without a password.

So, anybody who has physical access to your Mac or can get through via screen sharing, VNC, or remote desktop, and enters "root" and hits login repeatedly, can gain complete access to the machine.

Setting "root" password "fixes" the problem.


Apple is working on a fix. You can fix it in three steps in the Terminal. Personally? Not going to bother. You can't get into it from the login window; you need to have access (via those methods mentioned) to the machine. Those are off and screen lock keeps intruders away. Yeah, come at me.

Crappy of Ergin, though.
macos  root  vulnerability 
19 days ago by charlesarthur
