Forwarded from &'a ::rynco::UntitledChannel (didi)
T-60s
Forwarded from 喵喵小喵喵 (Meow-meow 🍓)
vxTwitter / fixvx
💖 1.08K 🔁 77
💖 1.08K 🔁 77
Raven Kwok (@RavenKwok)
Continuation.
🆒1
Forwarded from 每日消费电子观察 (无羽の翼 (「 • ̀ω•́ )「)
TechCrunch
Duolingo sees 216% spike in US users learning Chinese amid TikTok ban and move to RedNote | TechCrunch
TikTok U.S. users have been learning Chinese on Duolingo in increasing numbers amid their adoption of a Chinese social app called RedNote ahead of the
😁6
【中国移动APP更新提醒】尊敬的客户您好,若您的中国移动APP存在闪退情况,请您先“卸载”中国移动APP,然后点击 https://dx.10086.cn/A/7DcNCQ 下载最新版本APP(若无闪退情况请忽略)。春节将至,中国移动APP新春福利活动等您参与!心级服务,让爱连接。【中国移动】
#sms
---
发生什么了
#sms
---
发生什么了
😁3
Forwarded from 每日消费电子观察 (无羽の翼 (「 • ̀ω•́ )「)
Please open Telegram to view this post
VIEW IN TELEGRAM
NBC News
Biden administration looks for ways to keep TikTok available in the U.S.
Barring action by the Supreme Court, a ban on the popular app in the U.S. is set to begin Sunday.
Forwarded from bupt.moe
#security #alipay
今天14:40~14:45 支付宝疑似出现重大失误,错误地把政府补贴适用给所有支付。
评论区甚至有个人转账命中。
https://www.v2ex.com/t/1105618
今天14:40~14:45 支付宝疑似出现重大失误,错误地把政府补贴适用给所有支付。
评论区甚至有个人转账命中。
https://www.v2ex.com/t/1105618
🤯6🥰3😱1
#Forgejo v10.0 was just released! Get it at https://forgejo.org/download/. 🚀
TOTP secrets were made more secure. The UI was made more accessible and reworked to improve the UX. Searching users, repositories, releases and issues was improved. Low German (Plattdüütsch) translation was completed. This is the last version to allow a transparent upgrade from Gitea v1.22 or lower.
Read more at https://forgejo.org/2025-01-release-v10-0/
https://floss.social/@forgejo/113837365333810504
TOTP secrets were made more secure. The UI was made more accessible and reworked to improve the UX. Searching users, repositories, releases and issues was improved. Low German (Plattdüütsch) translation was completed. This is the last version to allow a transparent upgrade from Gitea v1.22 or lower.
Read more at https://forgejo.org/2025-01-release-v10-0/
https://floss.social/@forgejo/113837365333810504
forgejo.org
👍1
evilsocket:
121 days ago I reported something to Apple, no fixes and no follow ups after my ping yesterday, so here it goes the full disclosure.
Apple CUPS does not verify TLS allowing an attacker on the same network to impersonate any previously used IPPS printer (or any device really) via spoofed Bonjour advertisements and therefore forcing the Bonjour discovery service to (automatically and silently) connect to an arbitrary host (also external to LAN), leaking sensitive information and allowing the attacker to interact with a plethora of other system services in nasty ways. Of course this also allows anyone to intercept, read and modify print jobs on the network, but frankly that is the least impactful attack vector here. https://github.com/apple/cups/blob/master/cups/tls-darwin.c#L1278s
If you use openssl to check your printer TLS certificate on port 631, you'll probably find that the device is using a self-signed certificate, like pretty much all printers I had a chance to test. I have no idea how they're going to fix this without breaking backwards compatibility. I know they want to switch to a Trust On First Use approach, but that's vulnerable as well due to other conditions. This set of vulnerabilities can be easily leveraged by using the ZeroGod bettercap module I've pushed months ago -> https://github.com/bettercap/bettercap/tree/master/modules/zerogod
https://x.com/evilsocket/status/1879846515180511705
121 days ago I reported something to Apple, no fixes and no follow ups after my ping yesterday, so here it goes the full disclosure.
Apple CUPS does not verify TLS allowing an attacker on the same network to impersonate any previously used IPPS printer (or any device really) via spoofed Bonjour advertisements and therefore forcing the Bonjour discovery service to (automatically and silently) connect to an arbitrary host (also external to LAN), leaking sensitive information and allowing the attacker to interact with a plethora of other system services in nasty ways. Of course this also allows anyone to intercept, read and modify print jobs on the network, but frankly that is the least impactful attack vector here. https://github.com/apple/cups/blob/master/cups/tls-darwin.c#L1278s
If you use openssl to check your printer TLS certificate on port 631, you'll probably find that the device is using a self-signed certificate, like pretty much all printers I had a chance to test. I have no idea how they're going to fix this without breaking backwards compatibility. I know they want to switch to a Trust On First Use approach, but that's vulnerable as well due to other conditions. This set of vulnerabilities can be easily leveraged by using the ZeroGod bettercap module I've pushed months ago -> https://github.com/bettercap/bettercap/tree/master/modules/zerogod
https://x.com/evilsocket/status/1879846515180511705
GitHub
cups/cups/tls-darwin.c at master · apple/cups
Apple CUPS Sources. Contribute to apple/cups development by creating an account on GitHub.