Profile - Nostr Hypermedia

npub1syue...3cq9

German ministry renames itself, domain expires, is bought by SEO-spammer, expires again, is bought by domain grabber, then later bought by itsec company who now learns that apparently plenty of internal systems of the ministry still try to connect to the domain... I don't even know where to start how terrible that is and what it tells us about government IT security practices...

Mint Secure

Bundesdomain im Blindflug: DNS-Leaks und ein Jahrzehnt IT-Nachlässigkeit

Der Artikel zeigt, wie die vergessene Bundesdomain bafl.de weiterhin von Behörden-Systemen genutzt wird und DNS-Logs ausgewertet wurden.

@npub1s9uc...2y0t good work!

npub1syue...3cq9 2 weeks ago

I've recently stumbled upon an RCE "exploit" for the Serendipity blog software, which I happen to use and have contributed to in the past. From what I can tell, it does nothing interesting (it does not even work due to broken indents, if one fixes that it uploads a PHP shell given existing credentials, but that won't be executed unless you have a server config that executes .inc files). I'm 95% certain this is bogus. Yet... in case anyone wants to have a look:

GitHub

Exploit (probably bogus) on exploit-db · Issue #940 · s9y/Serendipity

I stumbled upon this: https://www.exploit-db.com/exploits/52036 This claims to be a remote code execution exploit for serendipity. I believe it is ...

Load More → Loading...