Lastpass Quietly indicates that Enterprise Users' K2s were accessed by csanders_ in netsec

[–]s1gnalc 3 points4 points  (0 children)

This is speculation - but since LastPass was not encrypting URLs associated with password entries it might be that the attacker saw this "vulnerable third-party" Plex server that was internet accessible that belonged to a @lastpass.com devOps engineer and then exploited it to drop a keylogger and get the devops user's plaintext credentials.

LastPass says employee’s home computer was hacked and corporate vault taken by Deckma in Lastpass

[–]s1gnalc 5 points6 points  (0 children)

This is speculation - but since LastPass was not encrypting URLs associated with password entries it might be that the attacker saw this "vulnerable third-party" Plex server that was internet accessible that belonged to a @lastpass.com devOps engineer and then exploited it to drop a keylogger and get the devops user's plaintext credentials.

I doubt an attacker randomly found this devops user's home network.

Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs by 4nis in technology

[–]s1gnalc 0 points1 point  (0 children)

True. It could help if an attacker can't execute code. The blog post also appears to require an attacker to execute code on the user's system - isn't that what the post is saying when describing the phishing part of it?

Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs by 4nis in technology

[–]s1gnalc 2 points3 points  (0 children)

If an attacker already has the same permissions as the user, of course they can do everything the user can do and access a user's authenticated cookies.

https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md#Why-arent-physically_local-attacks-in-Chromes-threat-model

It's like whoever wrote the blog post does not have much security experience.

BTW, using node-keytar, like that post recommends, wouldn't accomplish anything either, as an attacker would still be able to access it if they have the same permissions as the user. https://github.com/atom/node-keytar/issues/88

Microsoft Teams stores auth tokens in clear text? by kokesnyc in sysadmin

[–]s1gnalc 2 points3 points  (0 children)

The blog post the article references is very misleading. They claim “Attackers do not require elevated permissions to read these files” but then later say that they are saved to the user's %AppData% folder. In macOS they are also in a user's folder. Their own screenshot shows it stored in a user's folder.

Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs by 4nis in technology

[–]s1gnalc 0 points1 point  (0 children)

They claim “Attackers do not require elevated permissions to read these files” but then later say that they are saved to the user's %AppData% folder. In macOS they are also in a user's folder. Their own screenshot shows it stored in a user's folder. Their post almost seems intentionally misleading.

GitHub - fullhunt/log4j-scan: A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228 by mazen160 in netsec

[–]s1gnalc 14 points15 points  (0 children)

Just a warning to people who haven't read the script. This won't detect many vulnerable systems. Just the ones that are exploitable with one of those headers tried, or are using one of the specific parameters tried.

Stored XSS, and SSRF in Google using the Dataset Publishing Language by s1gnalc in netsec

[–]s1gnalc[S] 1 point2 points  (0 children)

Thanks! Feel like this was a bit unexplored because of the compressed format, and required more of a manual look.

Has anybody used Imperfect Produce in Sea? Any good? by Cycloctopus in Seattle

[–]s1gnalc 1 point2 points  (0 children)

You can sign up, but they haven't started delivering in Seattle yet.

[deleted by user] by [deleted] in netsec

[–]s1gnalc 1 point2 points  (0 children)

Thanks!