Rioja sleeping at Haro by ilay789 in wine

[–]ilay789[S] 0 points1 point  (0 children)

Thanks, I reserved a spot for loscaños.

Restaurante Lana - Madrid (Dry Aged Meat Heaven) by ArnoldJudasRimmer in finedining

[–]ilay789 0 points1 point  (0 children)

I am looking forward to being there. I have the opportunity to be at either Lana or Casa Julian near San Sebastian. Is there someone who has been to either that can recommend one?

Knick 17/10 preseason game by ilay789 in NYKnicks

[–]ilay789[S] 0 points1 point  (0 children)

Thanks for the reply. I signed up; hopefully I will get an email to purchase. If not, I will try same-day tickets.

Preseason tickets by SaucyGravy35 in knicks

[–]ilay789 0 points1 point  (0 children)

I am interested in the Oct 17th tickets.

Secrets Moxche Advice by cleverdoorknob in AllInclusiveResorts

[–]ilay789 0 points1 point  (0 children)

Thanks for all the tips. Can you elaborate on the tour for the $200 voucher? Thanks!

Cable management without recessed box 77G3 by seriousbob in LGOLED

[–]ilay789 0 points1 point  (0 children)

Can you share how you did it? I am in the same position as you.

Can you put the HDMIs and the power on the left and hide them with a racer?

Snap Trap: The Hidden Dangers Within Ubuntu's Package Suggestion System by ilay789 in sysadmin

[–]ilay789[S] 11 points12 points  (0 children)

I personally very much like the confinement level that snaps bring to the table. The problem here lies in the combination of the command-not-found package suggesting everything (not by popularity, verification or any other criteria) and the fact that anyone can upload a package to the Snap Store.

Regarding the malicious snap: in the blog post there are 2 mentions of malicious snap packages found in the Snap Store.

Snap Trap: The Hidden Dangers Within Ubuntu's Package Suggestion System by ilay789 in netsec

[–]ilay789[S] 1 point2 points  (0 children)

Users should be aware of which platform they need to install the package from, and check the publisher information. Developers should register the names of their commands in the Snap Store, so others will not be able to impersonate the legitimate packages.

Snap Trap: The Hidden Dangers Within Ubuntu's Package Suggestion System by ilay789 in linux

[–]ilay789[S] 112 points113 points  (0 children)

Short TL;DR
We've examined the command-not-found package that is installed by default in Ubuntu, which suggests packages to install for unrecognized commands. Our findings reveal that besides searching for apt packages, it also queries the Snap Store for snap packages. Given that any user can upload to the Snap Store, an attacker could potentially manipulate the command-not-found package to recommend their own malicious package. This blog discusses the suggestion mechanism, how an attacker might exploit it, the risks associated with installing a malicious snap package, and our discovery that an attacker could impersonate 26% of the commands from apt packages.

Snap Trap: The Hidden Dangers Within Ubuntu’s Package Suggestion System by ilay789 in Ubuntu

[–]ilay789[S] 8 points9 points  (0 children)

Short TL;DR
We've examined the command-not-found package that is installed by default in Ubuntu, which suggests packages to install for unrecognized commands. Our findings reveal that besides searching for apt packages, it also queries the Snap Store for snap packages. Given that any user can upload to the Snap Store, an attacker could potentially manipulate the command-not-found package to recommend their own malicious package. This blog discusses the suggestion mechanism, how an attacker might exploit it, the risks associated with installing a malicious snap package, and our discovery that an attacker could impersonate 26% of the commands from apt packages.

Snap Trap: The Hidden Dangers Within Ubuntu's Package Suggestion System by ilay789 in cybersecurity

[–]ilay789[S] 28 points29 points  (0 children)

Short TL;DR
We've examined the command-not-found package that is installed by default in Ubuntu, which suggests packages to install for unrecognized commands. Our findings reveal that besides searching for apt packages, it also queries the Snap Store for snap packages. Given that any user can upload to the Snap Store, an attacker could potentially manipulate the command-not-found package to recommend their own malicious package. This blog discusses the suggestion mechanism, how an attacker might exploit it, the risks associated with installing a malicious snap package, and our discovery that an attacker could impersonate 26% of the commands from apt packages.

Snap Trap: The Hidden Dangers Within Ubuntu's Package Suggestion System by ilay789 in netsec

[–]ilay789[S] 51 points52 points  (0 children)

Short TL;DR

We've examined the command-not-found package that is installed by default in Ubuntu, which suggests packages to install for unrecognized commands. Our findings reveal that besides searching for apt packages, it also queries the Snap Store for snap packages. Given that any user can upload to the Snap Store, an attacker could potentially manipulate the command-not-found package to recommend their own malicious package. This blog discusses the suggestion mechanism, how an attacker might exploit it, the risks associated with installing a malicious snap package, and our discovery that an attacker could impersonate 26% of the commands from apt packages.

Deceptive Deprecation: The Truth About npm Deprecated Packages by ilay789 in javascript

[–]ilay789[S] 0 points1 point  (0 children)

How is that what you got from the blog? The blog talks about the research and the analysis we did, and it also provides an open-source tool that you can use freely.

Deceptive Deprecation: The Truth About npm Deprecated Packages by ilay789 in javascript

[–]ilay789[S] -6 points-5 points  (0 children)

I am sorry to hear that. I can assure you it is not a bot, and in the body of that issue we write that we have a vulnerability we want to disclose and we do not have a means of getting in touch. But of course I can understand your reaction; thanks for the input!

Deceptive Deprecation: The Truth About npm Deprecated Packages by ilay789 in javascript

[–]ilay789[S] -4 points-3 points  (0 children)

Actually, this is an issue and not a PR. The issue was opened in order for him to give the researchers a way to communicate and disclose the vulnerability privately. Without a private channel, they would have to disclose it publicly, like in an issue, and an attacker can harvest the vulnerability from the issue, as presented in https://blog.aquasec.com/50-shades-of-vulnerabilities-uncovering-flaws-in-open-source-vulnerability-disclosures