#proofofconcept

Tino Eberl<p><a href="https://mastodon.online/tags/KINews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KINews</span></a> <a href="https://mastodon.online/tags/Retr%C3%B6t" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Retröt</span></a><br><a href="https://mastodon.online/tags/Gartner" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Gartner</span></a> predicts that 30 % of generative <a href="https://mastodon.online/tags/KIProjekte" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KIProjekte</span></a> (AI projects) will be abandoned after the <a href="https://mastodon.online/tags/ProofofConcept" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProofofConcept</span></a> (PoC). But that is a good thing too: a <a href="https://mastodon.online/tags/PoC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PoC</span></a> lets companies assess <a href="https://mastodon.online/tags/Risiken" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Risiken</span></a> (risks) and <a href="https://mastodon.online/tags/Machbarkeit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Machbarkeit</span></a> (feasibility) early, save <a href="https://mastodon.online/tags/Kosten" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Kosten</span></a> (costs) and gain valuable experience. That way, inefficient projects can be stopped before they become more expensive. 
Trying things out is worthwhile, and abandoning is sometimes the better path.</p><p><a href="https://mastodon.online/tags/KI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KI</span></a> <a href="https://mastodon.online/tags/Projektmanagement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Projektmanagement</span></a></p><p><a href="https://tino-eberl.de/ki-news/gartner-30-der-ki-projekte-werden-nach-poc-abgebrochen-ja-gut-so/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">tino-eberl.de/ki-news/gartner-</span><span class="invisible">30-der-ki-projekte-werden-nach-poc-abgebrochen-ja-gut-so/</span></a></p>
Su_G<p><span class="h-card" translate="no"><a href="https://sauropods.win/@futurebird" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>futurebird</span></a></span> </p><p>You've convinced me! Bringing back extinct lichen is a great way to do proof of concept for bringing back extinct organisms, 🙂 </p><p><a href="https://aus.social/tags/proofOfConcept" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>proofOfConcept</span></a> <br><a href="https://aus.social/tags/lichen" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>lichen</span></a> <a href="https://aus.social/tags/Extinct" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Extinct</span></a></p>
xoron :verified:<p>id like to share some details about how my app works so you can discover/give me feedback on my app. id like to have wording in my app to say something like "most secure chat app in the world"... i probably cant do that because it doesnt qualify.</p><p><a href="https://github.com/positive-intentions/chat" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/positive-intentions</span><span class="invisible">/chat</span></a></p><p><a href="https://positive-intentions.com/blog/introducing-decentralized-chat" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">positive-intentions.com/blog/i</span><span class="invisible">ntroducing-decentralized-chat</span></a></p><p>im not an expert on <a href="https://infosec.exchange/tags/cyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cyberSecurity</span></a>. 
im sure there are many gaps in my knowledge in this domain.</p><p>using <a href="https://infosec.exchange/tags/javascript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>javascript</span></a>, i initially created a fairly basic <a href="https://infosec.exchange/tags/chatApp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>chatApp</span></a> using <a href="https://infosec.exchange/tags/peerjs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>peerjs</span></a> to create <a href="https://infosec.exchange/tags/encrypted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>encrypted</span></a> <a href="https://infosec.exchange/tags/webrtc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>webrtc</span></a> <a href="https://infosec.exchange/tags/connections" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>connections</span></a>. this was then easily enhanced by exchanging additional <a href="https://infosec.exchange/tags/encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>encryption</span></a> <a href="https://infosec.exchange/tags/keys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>keys</span></a> from <a href="https://infosec.exchange/tags/cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cryptography</span></a> functions built into browsers (<a href="https://infosec.exchange/tags/webcrypto" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>webcrypto</span></a> api) to add a redundant layer of encryption. 
a <a href="https://infosec.exchange/tags/diffieHelman" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>diffieHelman</span></a> key <a href="https://infosec.exchange/tags/exchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>exchange</span></a> is done over <a href="https://infosec.exchange/tags/webrtc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>webrtc</span></a> (which can be considered <a href="https://infosec.exchange/tags/secure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>secure</span></a> when exchanged over public channels) to create <a href="https://infosec.exchange/tags/serverless" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>serverless</span></a> <a href="https://infosec.exchange/tags/p2p" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>p2p</span></a> <a href="https://infosec.exchange/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a>.</p><p>- i sometimes receive feedback like "javascript is inherently insecure". i disagree with this and have <a href="https://infosec.exchange/tags/openedSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openedSource</span></a> my <a href="https://infosec.exchange/tags/cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cryptography</span></a> module. 
its basically a thin wrapper around vanilla cryptography functions of a <a href="https://infosec.exchange/tags/browser" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>browser</span></a> (webcrypto api).</p><p>- another concern for my kind of app (<a href="https://infosec.exchange/tags/PWA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PWA</span></a>) is that the developer may introduce malicious code. this is an important point for which i open sourced the project and give instructions for <a href="https://infosec.exchange/tags/selfhosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhosting</span></a>. selfhosting this app has some unique features. unlike many other <a href="https://infosec.exchange/tags/selfhosted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhosted</span></a> <a href="https://infosec.exchange/tags/projects" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>projects</span></a>, this app can be hosted on <a href="https://infosec.exchange/tags/githubPages" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>githubPages</span></a> (instructions are provided in the readme). im also working towards having better support for running the index.html directly without a static server.</p><p>- to prevent things like browser extensions, the app uses strict <a href="https://infosec.exchange/tags/CSP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CSP</span></a> headers to prevent <a href="https://infosec.exchange/tags/unauthorised" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>unauthorised</span></a> code from running. 
<a href="https://infosec.exchange/tags/selfhosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhosting</span></a> users should take note of this when setting up their own instance.</p><p>- i received feedback the <a href="https://infosec.exchange/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Signal</span></a>/#Simplex protocol is great. completely understandable and agree, but wonder if im reducing the <a href="https://infosec.exchange/tags/complexity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>complexity</span></a> by working with <a href="https://infosec.exchange/tags/webrtc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>webrtc</span></a>. while it has its many flaws, i think risks can be reasonably mitigated if the <a href="https://infosec.exchange/tags/cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cryptography</span></a> functions are implemented correctly. (all data out is <a href="https://infosec.exchange/tags/encrypted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>encrypted</span></a> and all data in is <a href="https://infosec.exchange/tags/decrypted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>decrypted</span></a> on-the-fly)</p><p>- the key detail that makes this approach unique, is because as a <a href="https://infosec.exchange/tags/webapp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>webapp</span></a>, unlike other solutions, users have a choice of using any <a href="https://infosec.exchange/tags/device" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>device</span></a>/#os/#browser. 
while a webapp can have nuanced <a href="https://infosec.exchange/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerabilities</span></a>, i think by <a href="https://infosec.exchange/tags/openSourcing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openSourcing</span></a> and providing instructions for <a href="https://infosec.exchange/tags/selfhosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhosting</span></a> and instructions to <a href="https://infosec.exchange/tags/build" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>build</span></a> for various <a href="https://infosec.exchange/tags/platforms" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>platforms</span></a>, it can provide a reasonable level of <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a>.</p><p>i think if i stick to the principle of avoiding using any kind of "required" service provider (myself included) and allowing the <a href="https://infosec.exchange/tags/frontend" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>frontend</span></a> and the peerjs-server to be <a href="https://infosec.exchange/tags/hosted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hosted</span></a> <a href="https://infosec.exchange/tags/independently" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>independently</span></a>, im on track for creating a <a href="https://infosec.exchange/tags/chatSystem" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>chatSystem</span></a> with the "fewest moving parts". 
i hope you will agree this is true <a href="https://infosec.exchange/tags/p2p" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>p2p</span></a> and i hope i can use this as a step towards true <a href="https://infosec.exchange/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a> and <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a>. <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> might be further improved by using a trusted <a href="https://infosec.exchange/tags/VPN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VPN</span></a>.</p><p>while there are several similar apps out there like mine. i think mine is distinctly a different approach. so its hard to find <a href="https://infosec.exchange/tags/bestPractices" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bestPractices</span></a> for the functionalities i want to achieve. 
in particular <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> practices to use when using <a href="https://infosec.exchange/tags/p2p" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>p2p</span></a> technology.</p><p>(note: this app is an <a href="https://infosec.exchange/tags/unstable" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>unstable</span></a>, <a href="https://infosec.exchange/tags/experiment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>experiment</span></a>, <a href="https://infosec.exchange/tags/proofOfConcept" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>proofOfConcept</span></a> and not ready to replace any other app or service. It's far from finished and provided for <a href="https://infosec.exchange/tags/testing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>testing</span></a> and <a href="https://infosec.exchange/tags/demo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>demo</span></a> purposes only. This post is to get <a href="https://infosec.exchange/tags/feedback" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>feedback</span></a> on the progress to determine if i'm going in the right direction for a secure chat app)</p>
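Added example, not part of the post above and not taken from the positive-intentions/chat repository: a sketch of the layer the post describes, an ECDH exchange and AES-GCM encryption through the WebCrypto API, together with a public-key fingerprint comparison that lets two peers notice a key that was swapped on the path carrying it. The curve (P-256), the helper names and the in-process "relay" peer are assumptions made for the illustration.

```javascript
// Added illustration; not code from the positive-intentions/chat repository.
// Standard WebCrypto only: runs in a browser or in Node.js.
const wc = globalThis.crypto?.subtle
  ? globalThis.crypto
  : require("node:crypto").webcrypto;
const ECDH = { name: "ECDH", namedCurve: "P-256" }; // curve choice is an assumption

// Each peer keeps a non-extractable private key and publishes the raw public key.
async function newPeer(name) {
  const pair = await wc.subtle.generateKey(ECDH, false, ["deriveKey"]);
  const publicRaw = new Uint8Array(await wc.subtle.exportKey("raw", pair.publicKey));
  return { name, privateKey: pair.privateKey, publicRaw };
}

// SHA-256 of the public key as hex: the value two users compare out of band.
async function fingerprint(publicRaw) {
  const digest = new Uint8Array(await wc.subtle.digest("SHA-256", publicRaw));
  return Array.from(digest, (b) => b.toString(16).padStart(2, "0")).join("");
}

// ECDH shared secret turned directly into a non-extractable AES-256-GCM key.
async function sessionKey(self, peerPublicRaw) {
  const peerKey = await wc.subtle.importKey("raw", peerPublicRaw, ECDH, false, []);
  return wc.subtle.deriveKey(
    { name: "ECDH", public: peerKey },
    self.privateKey,
    { name: "AES-GCM", length: 256 },
    false,
    ["encrypt", "decrypt"]
  );
}

// Fresh random 96-bit IV per message; GCM authenticates as well as encrypts.
async function seal(key, text) {
  const iv = wc.getRandomValues(new Uint8Array(12));
  const ct = await wc.subtle.encrypt({ name: "AES-GCM", iv }, key, new TextEncoder().encode(text));
  return { iv, ct: new Uint8Array(ct) };
}

async function unseal(key, msg) {
  const pt = await wc.subtle.decrypt({ name: "AES-GCM", iv: msg.iv }, key, msg.ct);
  return new TextDecoder().decode(pt);
}

// True when the message decrypts and authenticates under this key.
async function canRead(key, msg) {
  try { await unseal(key, msg); return true; } catch { return false; }
}

async function runDemo() {
  const alice = await newPeer("alice");
  const bob = await newPeer("bob");
  const relay = await newPeer("relay"); // constructed stand-in for an untrusted hop
  const bobSays = await fingerprint(bob.publicRaw); // what Bob reads out to Alice

  // Honest path: the key Alice receives is Bob's.
  const receivedHonest = bob.publicRaw.slice();
  const kAlice = await sessionKey(alice, receivedHonest);
  const kBob = await sessionKey(bob, alice.publicRaw);
  const roundTrip = await unseal(kBob, await seal(kAlice, "hello bob"));
  const honestMatch = (await fingerprint(receivedHonest)) === bobSays;

  // Swapped path: Alice receives the relay's key in place of Bob's.
  // Encryption still "works", so only the fingerprint check reveals the swap.
  const receivedSwapped = relay.publicRaw.slice();
  const kAliceSwapped = await sessionKey(alice, receivedSwapped);
  const msg = await seal(kAliceSwapped, "hello bob");
  const relayCouldRead = await canRead(await sessionKey(relay, alice.publicRaw), msg);
  const bobCouldRead = await canRead(kBob, msg);
  const substitutedMatch = (await fingerprint(receivedSwapped)) === bobSays;

  return { roundTrip, honestMatch, relayCouldRead, bobCouldRead, substitutedMatch };
}

runDemo().then((result) => console.log(result));
```

The fingerprint comparison has to happen over a channel other than the one that delivered the key (read aloud, QR code shown in person), otherwise it can be replaced together with the key.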
Tino Eberl<p><a href="https://mastodon.online/tags/KINews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KINews</span></a></p><p><a href="https://mastodon.online/tags/Gartner" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Gartner</span></a> predicts that 30 % of generative <a href="https://mastodon.online/tags/KIProjekte" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KIProjekte</span></a> (AI projects) will be abandoned after the <a href="https://mastodon.online/tags/ProofofConcept" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProofofConcept</span></a> (PoC). But that is not necessarily bad: a <a href="https://mastodon.online/tags/PoC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PoC</span></a> lets companies assess <a href="https://mastodon.online/tags/Risiken" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Risiken</span></a> (risks) and <a href="https://mastodon.online/tags/Machbarkeit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Machbarkeit</span></a> (feasibility) early, save <a href="https://mastodon.online/tags/Kosten" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Kosten</span></a> (costs) and gain valuable experience. That way, inefficient projects can be stopped before they become more expensive. Bottom line: trying things out is worthwhile, and abandoning is sometimes the better path. 
</p><p><a href="https://mastodon.online/tags/KI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KI</span></a> <a href="https://mastodon.online/tags/Projektmanagement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Projektmanagement</span></a></p><p><a href="https://tino-eberl.de/ki-news/gartner-30-der-ki-projekte-werden-nach-poc-abgebrochen-ja-gut-so/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">tino-eberl.de/ki-news/gartner-</span><span class="invisible">30-der-ki-projekte-werden-nach-poc-abgebrochen-ja-gut-so/</span></a></p>
Olaf<p>Can <a href="https://fediworld.de/tags/Sharkey" rel="nofollow noopener noreferrer" target="_blank">#Sharkey</a> do <a href="https://fediworld.de/tags/Video" rel="nofollow noopener noreferrer" target="_blank">#Video</a> too? <a href="https://fediworld.de/tags/proofofconcept" rel="nofollow noopener noreferrer" target="_blank">#proofofconcept</a><span><br><br>Some background in this context: <br><br>I stood in front of the thing for an hour with the car's owner - it has had 80346 km on the clock since 1957 ("first time around!"), uses 10 ltr/100km and has 45 PS. Back then it was the "little man's Mercedes". <br>(Back then, girls dutifully rode in the passenger seat) <br>The article appears in the newspaper tomorrow and our fu**ing website is not able to embed portrait-format videos. "But that's for Instagram anyway...!" - Yes, sure! But the people who are more likely to remember such cars aren't! And the dwell time on a reel is ... five seconds? <br>#zielgruppe #medien #mediengestaltung</span></p>
Not Simon<p><strong>Palo Alto Networks</strong> released additional details about CVE-2024-3400: the fact that it is a combination of two bugs in PAN-OS; how an attacker was exploiting it; how disabling telemetry initially worked; and how they fixed it. The timeline from discovery to remediation encompasses the whole blog post. Overall a comprehensive after-action review from a company that notified the public almost immediately of an exploited zero-day. 🔗<a href="https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">paloaltonetworks.com/blog/2024</span><span class="invisible">/04/more-on-the-pan-os-cve/</span></a></p><p><a href="https://infosec.exchange/tags/CVE_2024_3400" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE_2024_3400</span></a> <a href="https://infosec.exchange/tags/PaloAltoNetworks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PaloAltoNetworks</span></a> <a href="https://infosec.exchange/tags/zeroday" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>zeroday</span></a> <a href="https://infosec.exchange/tags/activeexploitation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>activeexploitation</span></a> <a href="https://infosec.exchange/tags/eitw" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>eitw</span></a> <a href="https://infosec.exchange/tags/kev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>kev</span></a> <a href="https://infosec.exchange/tags/KnownExploitedVulnerabilitiesCatalog" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KnownExploitedVulnerabilitiesCatalog</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" 
rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/ProofofConcept" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProofofConcept</span></a> <a href="https://infosec.exchange/tags/PANOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PANOS</span></a> <a href="https://infosec.exchange/tags/IOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IOC</span></a></p>
Not Simon<p><strong>Zscaler</strong> observed exploitation of the Palo Alto Networks PAN-OS command injection zero-day vulnerability CVE-2024-3400 following the release of the PoC exploit code. Zscaler provides an attack flow diagram, and a technical analysis of the Upstyle backdoor and its layers. IOC provided. 🔗 <a href="https://www.zscaler.com/blogs/security-research/look-cve-2024-3400-activity-and-upstyle-backdoor-technical-analysis" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">zscaler.com/blogs/security-res</span><span class="invisible">earch/look-cve-2024-3400-activity-and-upstyle-backdoor-technical-analysis</span></a></p><p><a href="https://infosec.exchange/tags/CVE_2024_3400" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE_2024_3400</span></a> <a href="https://infosec.exchange/tags/PaloAltoNetworks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PaloAltoNetworks</span></a> <a href="https://infosec.exchange/tags/zeroday" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>zeroday</span></a> <a href="https://infosec.exchange/tags/activeexploitation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>activeexploitation</span></a> <a href="https://infosec.exchange/tags/eitw" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>eitw</span></a> <a href="https://infosec.exchange/tags/kev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>kev</span></a> <a href="https://infosec.exchange/tags/KnownExploitedVulnerabilitiesCatalog" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KnownExploitedVulnerabilitiesCatalog</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/ProofofConcept" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProofofConcept</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/IOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IOC</span></a></p>
Not Simon<p><strong>TrustedSec</strong> CTO Justin Elze shared CVE-2024-3400 exploit in the wild on Twitter yesterday, reports that <code>149.28.194.95</code> was attempting to exploit CVE-2024-3400 </p><p><a href="https://infosec.exchange/tags/CVE_2024_3400" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE_2024_3400</span></a> <a href="https://infosec.exchange/tags/PaloAltoNetworks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PaloAltoNetworks</span></a> <a href="https://infosec.exchange/tags/zeroday" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>zeroday</span></a> <a href="https://infosec.exchange/tags/activeexploitation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>activeexploitation</span></a> <a href="https://infosec.exchange/tags/eitw" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>eitw</span></a> <a href="https://infosec.exchange/tags/kev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>kev</span></a> <a href="https://infosec.exchange/tags/KnownExploitedVulnerabilitiesCatalog" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KnownExploitedVulnerabilitiesCatalog</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/ProofofConcept" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProofofConcept</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/IOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IOC</span></a></p>
Not Simon<p>In case you missed it, <strong>Palo Alto Networks</strong> updated their security advisory in terms of product and mitigation guidance, exploit status, and PAN-OS fix availability: 🔗 <a href="https://security.paloaltonetworks.com/CVE-2024-3400" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">security.paloaltonetworks.com/</span><span class="invisible">CVE-2024-3400</span></a></p><ul><li><strong>Exploitation status:</strong> Proof of concepts for this vulnerability have been publicly disclosed by third parties.</li><li><strong>Workarounds and mitigations:</strong> In earlier versions of this advisory, disabling device telemetry was listed as a secondary mitigation action. Disabling device telemetry is no longer an effective mitigation. Device telemetry does not need to be enabled for PAN-OS firewalls to be exposed to attacks related to this vulnerability.</li><li><strong>Solution:</strong><ul><li>- 10.2.6-h3 (Released 4/16/24)</li><li>- 11.0.3-h10 (Released 4/16/24)</li><li>- 11.0.2-h4 (Released 4/16/24)</li><li>- 11.1.0-h3 (Released 4/16/24)</li></ul></li></ul><p><a href="https://infosec.exchange/tags/CVE_2024_3400" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE_2024_3400</span></a> <a href="https://infosec.exchange/tags/PaloAltoNetworks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PaloAltoNetworks</span></a> <a href="https://infosec.exchange/tags/zeroday" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>zeroday</span></a> <a href="https://infosec.exchange/tags/activeexploitation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>activeexploitation</span></a> <a href="https://infosec.exchange/tags/eitw" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>eitw</span></a> <a 
href="https://infosec.exchange/tags/kev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>kev</span></a> <a href="https://infosec.exchange/tags/KnownExploitedVulnerabilitiesCatalog" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KnownExploitedVulnerabilitiesCatalog</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/ProofofConcept" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProofofConcept</span></a></p>
Stefan Bohacek<p>A little proof of concept showing the GrapesJS page builder integrated with Glitch via a browser extension.</p><p><a href="https://stefanbohacek.online/tags/demo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>demo</span></a> <a href="https://stefanbohacek.online/tags/ProofOfConcept" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProofOfConcept</span></a> <a href="https://stefanbohacek.online/tags/glitch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>glitch</span></a> <a href="https://stefanbohacek.online/tags/MadeWithGlitch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MadeWithGlitch</span></a></p>
Simon Walters<p><a href="https://fosstodon.org/tags/ProofOfConcept" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProofOfConcept</span></a> Following a chat with <span class="h-card" translate="no"><a href="https://fosstodon.org/@moenig" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>moenig</span></a></span> at <a href="https://fosstodon.org/tags/FOSDEM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FOSDEM</span></a> </p><p>Sending out a <a href="https://fosstodon.org/tags/NodeRED" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NodeRED</span></a> message to <span class="h-card" translate="no"><a href="https://fosstodon.org/@SnapCloud" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>SnapCloud</span></a></span> via <a href="https://fosstodon.org/tags/MQTT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MQTT</span></a> - modifying it and then returning it back to NodeRED</p>
Cory Doctorow<p>The company claimed that there was some nonspecific way in which Beeper Mini weakened the security of Apple customers, though they offered no evidence in support of that claim. Remember, the gold standard for security claims is <a href="https://mamot.fr/tags/ProofOfConcept" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProofOfConcept</span></a> code, not hand-waving:</p><p><a href="https://nostarch.com/gtfo" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">nostarch.com/gtfo</span><span class="invisible"></span></a></p><p>36/</p>