Forwarded from Cαmber Kirisame (ver. Rolling)
这个号是凹厂marketing发的么
rami3l:
#Rustup 1.27.0 已部署到 dev 环境,欢迎诸位多多测试反馈!
仅需切换到 dev 环境并更新 rustup 便可开始测试:
RUSTUP_UPDATE_ROOT=https://dev-static.rust-lang.org/rustup rustup self update
https://internals.rust-lang.org/t/seeking-beta-testers-for-rustup-1-27-0/20352
#Rustup 1.27.0 已部署到 dev 环境,欢迎诸位多多测试反馈!
仅需切换到 dev 环境并更新 rustup 便可开始测试:
RUSTUP_UPDATE_ROOT=https://dev-static.rust-lang.org/rustup rustup self update
https://internals.rust-lang.org/t/seeking-beta-testers-for-rustup-1-27-0/20352
Forwarded from Solidot
防火墙泄漏跨国流量
2024-03-04 17:28 by 基因先知者
匿名读者写道:FOCI 2024 会议于上月举行,论文 Bleeding Wall: A Hematologic Examination on the Great Firewall 揭示了防火长城于去年存在的越界读漏洞。攻击者发送构造的 DNS 查询,存在漏洞的 DNS 污染器会在抢答中包含缓冲区内容,多数时候是刚处理的上一个数据包。尽管泄漏量有限,每次只能泄漏 124 字节,但论文作者在三天之内收集了数百万条明文 HTTP 凭据等敏感信息,以及暗含 GFW 进程特征的栈帧。
https://www.petsymposium.org/foci/2024/foci-2024-0002.php
#互联网
2024-03-04 17:28 by 基因先知者
匿名读者写道:FOCI 2024 会议于上月举行,论文 Bleeding Wall: A Hematologic Examination on the Great Firewall 揭示了防火长城于去年存在的越界读漏洞。攻击者发送构造的 DNS 查询,存在漏洞的 DNS 污染器会在抢答中包含缓冲区内容,多数时候是刚处理的上一个数据包。尽管泄漏量有限,每次只能泄漏 124 字节,但论文作者在三天之内收集了数百万条明文 HTTP 凭据等敏感信息,以及暗含 GFW 进程特征的栈帧。
https://www.petsymposium.org/foci/2024/foci-2024-0002.php
#互联网
Forwarded from Hacker News
Yuzu emulator developers settle Nintendo lawsuit, pay $2.4M in damages (🔥 Score: 155+ in 1 hour)
Link: https://readhacker.news/s/63txr
Comments: https://readhacker.news/c/63txr
Link: https://readhacker.news/s/63txr
Comments: https://readhacker.news/c/63txr
X (formerly Twitter)
OatmealDome (@OatmealDome) on X
[yuzu]
yuzu will pay $2.4 million in damages to Nintendo to settle their lawsuit.
This was mutually agreed upon by both parties.
https://t.co/XeOaaO03Z7
yuzu will pay $2.4 million in damages to Nintendo to settle their lawsuit.
This was mutually agreed upon by both parties.
https://t.co/XeOaaO03Z7
Forwarded from Rong布星球 🧶 (Rongron🧊 | g𝐝𝐛)
Please open Telegram to view this post
VIEW IN TELEGRAM
Forwarded from Gmail Bot
✉️ Jason Kelley | EFF Activism Team <[email protected]>
Tell Congress Not to Ban TikTok. Instead, Protect Our Data No Matter Who is Collecting It
This is a friendly message from the Electronic Frontier Foundation.
EFF logo
Action Alert
*******************************
Tell Congress Not to Ban TikTok
*******************************
Tell Congress Not to Ban TikTok. Instead, Protect Our Data No Matter Who is Collecting It
This is a friendly message from the Electronic Frontier Foundation.
EFF logo
Action Alert
*******************************
Tell Congress Not to Ban TikTok
*******************************
Forwarded from 层叠 - The Cascading
本周五 (3/15) 起,所有公众证书须有 CRL 支持。
CA/B 去年七月通过投票,将 CRL (Certiificate Revocation List) 提升为强制要求,而 OCSP 则变为可选要求。
注:Chromium 自很久之前起就已经停止 OCSP 的通常使用,而换用 CRLSets [1]。
cabforum.org/~
linksrc: https://seclists.org/oss-sec/2024/q1/206
1. chromium.org/~
#CA #CRL
CA/B 去年七月通过投票,将 CRL (Certiificate Revocation List) 提升为强制要求,而 OCSP 则变为可选要求。
注:Chromium 自很久之前起就已经停止 OCSP 的通常使用,而换用 CRLSets [1]。
cabforum.org/~
linksrc: https://seclists.org/oss-sec/2024/q1/206
1. chromium.org/~
#CA #CRL
CA/Browser Forum
Ballot SC-063 v4: Make OCSP Optional, Require CRLs, and Incentivize Automation
Voting Results Certificate Issuers 29 votes total, with no abstentions:
28 Issuers voting YES: Amazon, Buypass, Certum, CFCA, Chunghwa Telecom, D-Trust, Digicert, Disig, eMudhra, Entrust, Fastly, GDCA, Globalsign, GoDaddy, HARICA, Izenpe, JPRS, Kamu SM, LE…
28 Issuers voting YES: Amazon, Buypass, Certum, CFCA, Chunghwa Telecom, D-Trust, Digicert, Disig, eMudhra, Entrust, Fastly, GDCA, Globalsign, GoDaddy, HARICA, Izenpe, JPRS, Kamu SM, LE…
CVE-2023-49785
Today we are disclosing a critical SSRF vulnerability, CVE-2023-49785, in a popular Gen AI chatbot, NextChat a.k.a ChatGPT-Next-Web. This disclosure comes 107 days after initial report.
https://twitter.com/Horizon3Attack/status/1767186279253336485
If you are deploying NextChat via docker or other on-premise environment, we recommend you update to latest version v2.11.3ASAP.
https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web/releases/tag/v2.11.3
Today we are disclosing a critical SSRF vulnerability, CVE-2023-49785, in a popular Gen AI chatbot, NextChat a.k.a ChatGPT-Next-Web. This disclosure comes 107 days after initial report.
https://twitter.com/Horizon3Attack/status/1767186279253336485
If you are deploying NextChat via docker or other on-premise environment, we recommend you update to latest version v2.11.3ASAP.
https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web/releases/tag/v2.11.3
X (formerly Twitter)
Horizon3 Attack Team (@Horizon3Attack) on X
Today we are disclosing a critical SSRF vulnerability, CVE-2023-49785, in a popular Gen AI chatbot, NextChat a.k.a ChatGPT-Next-Web. This disclosure comes 107 days after initial report. There is no patch at this time.
https://t.co/xCv57C5S84
https://t.co/xCv57C5S84
This media is not supported in your browser
VIEW IN TELEGRAM
Forwarded from 科技圈的日常 (Jimmy Tian)