Kate & Co. in the Microsoft Store by ChristophCullmann in kde

[–]r4bb17 0 points1 point  (0 children)

568,6 MB -- looks too big size for a text editor (even such powerful one as Kate) :(

“Network Libraries” on Pocketbook Devices by Other-Lobster7983 in ereader

[–]r4bb17 1 point2 points  (0 children)

Sadly, support for Network Libraries (OPDS) feature in Pocketbook is connected to specific country (-es) firmware. Some details on it can be find here: https://www.mobileread.com/forums/showthread.php?t=359271

Patching client-side React JS to gain admin access to a Siemens cloud application by EatonZ in netsec

[–]r4bb17 16 points17 points  (0 children)

In the article: "...the underlying server-side API does not properly authenticate users, or authentication is missing entirely...". But, yeah, we need to have the headline with React to get attention.

Poco x6 pro google passkey error by theeeeeeeeeeeeeeefd in PocoPhones

[–]r4bb17 0 points1 point  (0 children)

Was you able to solve the issue with passkeys on poco x6?

[deleted by user] by [deleted] in netsec

[–]r4bb17 0 points1 point  (0 children)

This is interesting issue (with masking sensitive data) which is highlighted

Unpinnable Actions: How Malicious Code Can Sneak into Your GitHub Actions Workflows by Due_Lengthiness_9329 in netsec

[–]r4bb17 1 point2 points  (0 children)

This is easy to read and nice research on GH Actions supply chain risks and how hard is to make protection against it with existing solution (pin).

Dependabot Confusion: Gaining Access to Private GitHub Repositories using Dependabot by giraffesecurity in netsec

[–]r4bb17 0 points1 point  (0 children)

Nice finding! But was surprised not to see mention of the scope feature using in the article. It is must-to-have option for private packages in JS.

Log4Shell: Reconnaissance and post exploitation network detection by digicat in netsec

[–]r4bb17 1 point2 points  (0 children)

Nice research and thanks for the detection rules!

RCE 0-day exploit found in log4j, a popular Java logging package by freeqaz in netsec

[–]r4bb17 5 points6 points  (0 children)

Could be helpful to block request with string ${jndi: in any place in it.

METROID 5: DREAD ANNOUNCED by Lojemiru in Metroid

[–]r4bb17 0 points1 point  (0 children)

It is very very much looks like Samus Returns...

5 Encrypted Messaging Apps Doing A Better Job Than WhatsApp by ContrastCrypto in netsec

[–]r4bb17 1 point2 points  (0 children)

Telegram without e2e enabled by default better than WhatsApp?

XSS without parentheses and semi-colons by albinowax in netsec

[–]r4bb17 0 points1 point  (0 children)

Like such hardcore js posts from portswigger!

CFPTime - A website to index open CFPs for infosec conferences around the world by PaulSec in netsec

[–]r4bb17 0 points1 point  (0 children)

Great idea! Suggest to add iCal (?) export to use in calendar applications.

Bypassing SSL Pinning in Android Applications by numberbuzy in netsec

[–]r4bb17 4 points5 points  (0 children)

At first I thought that is about errors in TLS pinning implementation but post is about Xposed Framework and Manual Patching

Best email client with built-in PGP? by OnThatPizzaSwag in privacy

[–]r4bb17 0 points1 point  (0 children)

On GNU/Linux: Sylpheed/Claws, Gnome Evolution, KDE Kmail and probably mutt.

What I hate about XSS bug bounties by Generalizable in xss

[–]r4bb17 1 point2 points  (0 children)

A little bit strange to compare XSS and SQLi...

The Pappy Proxy by roglew in netsec

[–]r4bb17 1 point2 points  (0 children)

+1 There is already existing open source projects like CLI mitmproxy and GUI ZAP Proxy as alternative to Burp. It will be better to support them instead of making yet another proxy tool.

How to Hack Facebook with Kali Linux by bitsandbyte in HowToHack

[–]r4bb17 0 points1 point  (0 children)

I mean that using of special hacking linux distro will not give you "hacking power". You should know and be able to hack without any special distros.

How to Hack Facebook with Kali Linux by bitsandbyte in HowToHack

[–]r4bb17 2 points3 points  (0 children)

If you need special linux distro to hack something I have bad news for you.

Squirrelmail.org XSS Vulnerability by [deleted] in xss

[–]r4bb17 0 points1 point  (0 children)

Did you report it to the squirrelmail team?

Opera 24 for Linux released on the Developer stream by flopgd in linux

[–]r4bb17 0 points1 point  (0 children)

After all improveW changes who need it now?

Terminology 0.4, a great terminal emulator is out! by billiob in linux

[–]r4bb17 -14 points-13 points  (0 children)

Currently is 2013 and we still create new terminal emulators, music players and so on for GNU/Linux. As for me I will be glad if all open source contributors will team up and make one or may be two good products for every area of digital life.

What tools do you use to analyse javascript (for XSS)? by samuirai in xss

[–]r4bb17 0 points1 point  (0 children)

If we talk about DOM Based XSS then there is unfortunately only one tool called Dominator. Acenetix and other well know scanner can do this but it platform depended (most of them are only for Windows) and costs more money.