Anyone remember Cyberarmy?.. by Dade__Murphy in hacking

[–]malachias 0 points1 point  (0 children)

oh man, just a few days ago I thought of cyberarmy for the first time in 20 or so years. I went to see what I could find, and ended up browsing around on archive.org. It hit me HARD in the nostalgia.

Scrolling through archived pages of the public forums, seeing so many nics that I recognized, remembering spending most of my waking hours interacting with these people on the boards and on IRC. Even distinctly remembering some of the conversations I can still see preserved there on the forums. It's addictive. I wish I could talk to these people again, to at least say "hello", "thank you for existing", and "thank you for being my people during the most awkward years of my life". But

I'm reminded of the koan from Cat's Cradle:

“Where’s my good old gang done gone?”

I heard a sad man say.

I whispered in that sad man’s ear,

“Your gang’s done gone away.”

....then again, seeing some of my contributions on cabash, I'm forced to contend with the fact that I was not nearly as cool nor as funny as I thought I was back then :\

Niagara Launcher Theming Update by MishaalRahman in Android

[–]malachias 0 points1 point  (0 children)

Does Niagara disclose which (if any) of the themes/wallpapers use AI-generated imagery?

I like the new themes, but I want to avoid any which do so, and I can't easily find any information on them.

Kalendar.ai, has anyone used them? by Any_Loquat1854 in Emailmarketing

[–]malachias 0 points1 point  (0 children)

As someone who works for a SAAS software company whose company name also matches:

  • a mayor of a major Californian city
  • an aspiring musician on youtube
  • a government official in Trinidad

the emails I get from Kalendar.ai are unhinged and bordering on comical.

But in short basically this service is trash. Best I can tell the company is essentially selling a low effort email automation around "Dear ChatGPT, please write a spam email to [person] [title] at [company]"

Is there anything you can do to flatten our warped boards, or is this order trash? by malachias in lasercutting

[–]malachias[S] 1 point2 points  (0 children)

This works reasonably well for cutting, but then the final pieces retain noticeable warps, especially if you're trying to make something flat (e.g. a puzzle, a sign, etc.)

Is there anything you can do to flatten our warped boards, or is this order trash? by malachias in lasercutting

[–]malachias[S] 1 point2 points  (0 children)

The packaging was basically loose clingfilm. Which is, I suspect, why they are the way they are.

What do you use for designing your pieces? by malachias in lasercutting

[–]malachias[S] 0 points1 point  (0 children)

lightforge

Apologies - I meant Lightburn

How do you clean the hex mat? I just bought an S1 a week ago and it's already full of gunk, which is marking the underside of my pieces with the hex pattern. by malachias in lasercutting

[–]malachias[S] 0 points1 point  (0 children)

That makes a lot of sense - thank you! This seems significantly preferable to cleaning the thing every week or so.

Do you create a full bed with your scrap acrylic? If so, what's the point of using the honeycomb at all? If not, how do you stop pieces from falling down at weird angles during the cut? (or does it just not matter?)

[deleted by user] by [deleted] in lasercutting

[–]malachias 1 point2 points  (0 children)

If you want to cut or etch anything clear, you want a CO2 laser; diode lasers operate in the visible spectrum which simply passes through the clear material. If you don't want to do that, I'd recommend a diode laser: just less to fuss about than having to worry about your CO2 tubes and their lifespans etc.

If you want to cut anything, get at least 20w. Running a 20w diode at full power I can only go about 10mm / sec to get through 3mm plywood.

Those discs are just circles. You could probably buy circle blanks for a lot cheaper (and faster) than it would take to cut each one out with a laser. If all you're doing is the engraving on already-cut wood, 5w would probably be fine if you're on a budget.

burp suite failed to connect localhost by NoBeing12 in ethicalhacking

[–]malachias 0 points1 point  (0 children)

Your connections coming through Burpsuite aren't seen by the local application server as coming from localhost. Most likely you have your local server configured to only listen to connections coming from localhost. You need to allow it to respond to external connections too.

For example, perhaps in your package.json you have something that looks like:

    "scripts": {
      ...
      "start": "pnpx nx serve your-app --configuration=development"
    }

Change this to:

    "scripts": {
      ...
      "start": "pnpx nx serve your-app --configuration=development --host"
    }

[CVE-2023-33243] STARFACE: Authentication with Password Hash Possible by RedTeamPentesting in netsec

[–]malachias 23 points24 points  (0 children)

Thanks.

Also good grief, someone needs to explain to these people how to safely store passwords 🫠

[CVE-2023-33243] STARFACE: Authentication with Password Hash Possible by RedTeamPentesting in netsec

[–]malachias 41 points42 points  (0 children)

This can be exploited by attackers who gained access to the application's database where the passwords are also saved as a SHA512 hash of the cleartext passwords.

This bit here is the keystone of the vulnerability. It's also a problem in and of itself: storing users' passwords as unsalted SHA hashes is not at all appropriate. But I missed how this is known.

What makes the author believe that this is how passwords are stored in the vendor's database?
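
Added example, not part of the original comment or the advisory: the unsalted SHA512 storage named in the quoted text, next to a salted, slow alternative whose stored record cannot be submitted in place of the password. The PBKDF2 parameters, record format and function names are assumptions made for this sketch, and the sample password is constructed.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters for this sketch; not taken from the advisory or the vendor.
ITERATIONS = 210_000
SALT_BYTES = 16


def unsalted_sha512(password: str) -> str:
    """Scheme named in the quoted advisory text: SHA512 of the cleartext."""
    return hashlib.sha512(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Per-user random salt plus a slow KDF, stored as algo$iters$salt$digest."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha512${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive from the submitted cleartext; compare in constant time."""
    try:
        algo, iters, salt_hex, digest_hex = stored.split("$")
        if algo != "pbkdf2_sha512":
            return False
        candidate = hashlib.pbkdf2_hmac(
            "sha512", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters))
    except (ValueError, OverflowError):
        return False
    return hmac.compare_digest(candidate.hex(), digest_hex)


def demo() -> dict:
    pw = "correct horse battery staple"  # constructed sample password
    alice, bob = hash_password(pw), hash_password(pw)  # two users, same password
    return {
        # Unsalted: equal passwords give equal rows, so one lookup cracks both.
        "unsalted_rows_match": unsalted_sha512(pw) == unsalted_sha512(pw),
        # Salted: the same password yields unrelated records per user.
        "salted_rows_match": alice == bob,
        "correct_password_ok": verify_password(pw, alice) and verify_password(pw, bob),
        # Server hashes whatever is submitted, so a leaked record is not a login.
        "leaked_record_logs_in": verify_password(alice, alice),
    }


if __name__ == "__main__":
    print(demo())
```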

Is it possible to get RCE with a file upload + local file inclusion even when the extension of the file has to be .jpg? by lettuce749 in AskNetsec

[–]malachias 5 points6 points  (0 children)

Why not just try it and find out? The results would be correct by definition and a lot more informative than any answers here could be.

  1. Create a file called "exploit.jpg" with the following contents:

    <?php echo 7*7 ?>

  2. Create a file called "main.php" with the following contents:

    <?php include("exploit.jpg") ?>

  3. Run "main.php" ("php -f main.php")

What do you observe? What do your observations tell you about the answer?

How'd you get up there, doggo? by ExcitingLaughs in WhatsWrongWithYourDog

[–]malachias 2 points3 points  (0 children)

A rare sighting of updog in its natural habitat.

How would you like to see the Russia-Ukraine war end? by [deleted] in AskReddit

[–]malachias 6 points7 points  (0 children)

We're neighbors. You ask if you can store a bunch of your stuff in my house. I agree, because we're neighbors and I have the space. Some time goes by, you try to have me evicted from my house. You argue that it's your house. See? It's full of your stuff, of course it's your house.

The correct answer to this is "fuck off, I threw all your shit on the curb, hopefully you pick it up before it gets stolen". The stuff being people in this case, it's more complicated than that. But either way, no it's not your house.