ssh with an easy to guess root password?
It probably has a large database of exploits it can use. The article claims 20k, but this seems to high for me.
Yes, but they replace common tools like top or lsof with manipulated versions. This might at least trick less experienced sysadmins.
Edit: Some found out about the vulnerability by ressource alerts. Probably very easy in a virtualized environment. The malware can't fool the hypervisor ;)
More than 40% of all federal spending goes into the defense sector? That's absolutely insane, no country can survive this (unless they get massive support, like Ukraine does).
I agree, but I understood this question in the context of a homelab.
And for me, a homelab is not the right place for a public website, for the reasons I mentioned.
No, with these reasons:
- Bandwidth isn't plenty
- My "uptime" at home isn't great
- No redundant hardware, even a simple mainboard defect would take a while to replace
I have a VPS for these tasks, and I host a few sites for friends amd family.
Five pizzas?
I got it a few times over the last years, once on the steam deck.
Grains are "better" than I would have expected.
Just one open source example ... freeradius has an option to log passwords:
log {
destination = files
auth = no
auth_badpass = no
auth_goodpass = no
}
Or another example: The apache web server has a module that dumps all POST data, with passwords, in plain text:
mod_dumpioallows for the logging of all input received by Apache and/or all output sent by Apache to be logged (dumped) to the error.log file. The data logging is done right after SSL decoding (for input) and right before SSL encoding (for output). As can be expected, this can produce extreme volumes of data, and should only be used when debugging problems.
I don't agree that this is "absolutely malice", it could also be stupidity and forgetfulness.
This is not about facebook not hashing credentials, it is that they appeared in internal logs.
Facebook is probing a series of security failures in which employees built applications that logged unencrypted password data for Facebook users and stored it in plain text on internal company servers.
Source: Krebs on Security
Prompt: space station on the moon, lots of glass, colorful inside, grey outside, earth in background -- Bing Image Creator
Theme
With all the news about humans travelling into space for fun, I thought it would be time for a challenge about space.
Ready to unleash your creativity? Show us your vision of humanity’s future in space! Whether it’s futuristic space stations, colonized planets, or deep-space exploration, we want to see how YOU imagine humans conquering the stars.
Submit your best AI-generated artwork and be part of this exciting journey beyond Earth. I'm sure you can do a lot better than my space station on the moon ;)
Like previous entries, take your time! Some of you can be super fast (me included) and the early bird often catches the worm. So for this challenge I’m subtracting a point for anyone who posts within 24 hours. It's not ideal, and I know it's not something everybody likes, but we should settle that outside the contest I think.
Rules
-
Follow the community’s rules above all else
-
One comment and image per user
-
Embed image directly in the post (no external link)
-
Workflow/Prompt sharing encouraged (we’re all here for fun and learning)
-
Posts that are tied will both get the points
-
The challenge runs for 7 days from now on
-
Down votes will not be counted
-
Scores
-
At the end of the challenge each post will be scored:
| Prize | Points |
|---|---|
| Most upvoted | +3 points |
| Second most upvoted | +1 point |
| Third most upvoted | +1 point |
| OP's favorite | +1 point |
| Last two entries (to compensate for less time to vote) | +1 point |
| Prompt and workflow included | +1 point |
| Post within 24 hours | -1 point |
The winner gets to pick the next theme. As always, have fun everyone! Previous entries
Someone in Poland chose an interesting name for his company.
I have both done pentests and received pentest reports. My observation is that the perceived severity often varies between the tester and the customer.
Reason for this meme is that some ubisoft titles are shipped with a broken version of ubisoft connect launcher. Installing these games is only possible by running the installer for the launcher again via protontricks.
Nothing tells me more that you care about my privacy than sharing my data with hundreds or thousands of companies.
Sadly, the support for passkeys is still lacking.
Anybody else working on the 2025 budget?
As AI image recognition advances, CAPTCHAs need to get more creative.
What are your best experiences with CAPTCHAs?
What is your favourite password rule?
Interestingly, the firewall got overload by the number of UDP packets and not by the bandwidth of traffic. See UDP Flooding on Wikipedia.
view more: next ›
"National security" and "defense" just sound better than destabilizing the region and terrorizing neighboring countries.