Will Dormann is on Mastodon
wdormann.bsky.social
I play with vulnerabilities and exploits.
While this site initially showed promise, I've grown tired with its lack of improvement.
You'll find me @[email protected] on Mastodon.
Testing multi-posting app Croissant...
November 18, 2024 at 3:01 AM
To those who still have posts remaining on the Nazi site for the sole purpose of being able to search through things that you've said in the past:
1) First download an archive of your data. (There might be a 1-day delay before you get it)
x.com/settings/dow...
November 16, 2024 at 8:10 PM
Did everybody enjoy that video streaming marvel that was the Mike Tyson fight last night?
November 16, 2024 at 3:22 PM
Did you notice that Temu dropped the bucks for *several* Super Bowl ads?
Turns out that their Android app was utilizing an 0day exploit to achieve an advantage over their competition.
Totally normal stuff going on here.
arstechnica.com/information-...
February 14, 2024 at 4:06 AM
Every Patch Tuesday I'm reminded that in Microsoft's world, "No thanks" means "Ask me again later".
February 13, 2024 at 7:22 PM
Dear documentation authors,
You... You do know that people can't click buttons on paper, right?
February 11, 2024 at 5:13 PM
watchTowr: Ivanti Connect Secure CVE-2024-22024 - Are We Now Part Of Ivanti?
labs.watchtowr.com/are-we-now-p...
February 9, 2024 at 1:20 PM
Ivanti Connect Secure is vulnerable to xmltooling CVE-2023-36661.
How was this handled?
HackerOne assigned CVE-2024-21893 to capture this.
Nobody knows how CVE works, and nobody enforces any rules. 🤦‍♂️
twitter.com/stephenfewer...
February 3, 2024 at 4:41 PM
We all know that the Ivanti ICT cannot be trusted on a maybe-compromised device. Even the external ICT.
But what about this recommended factory reset? That restores it to the state when you got it from the factory, right?
Get real.
Please avoid magical thinking, folks 🪄
(insert desire for GIFs here)
February 2, 2024 at 5:25 PM
Got a cheap toy drone, and it has... Fake antennas!
I mean, why bother?
February 2, 2024 at 3:27 AM
Hey everybody there are unfixed vulnerabilities in Ivanti Connect Secure!
No, not those (which are STILL unfixed).
The new ones: CVE-2024-21888 (privesc to admin) and CVE-2024-21893 (SSRF to access "restricted resources")
mitigation.release.20240126.5.xml
forums.ivanti.com/s/article/KB...
January 31, 2024 at 1:00 PM
Apparently the Intel Wi-Fi driver for Linux isn't terribly reliable.
Which makes me wonder... what's the go-to Wi-Fi 6E adapter that people use in the Linux world these days?
Or has the Linux world not quite embraced Wi-Fi yet, and reliable requires wired?
bugzilla.kernel.org/show_bug.cgi...
January 28, 2024 at 2:29 PM
I wonder why Atlassian doesn't have any security documents anymore.
No? Just me?
January 25, 2024 at 8:12 PM
Just 3 adjacent passengers on a Delta flight, suggests said airline.
January 25, 2024 at 2:14 PM
Connect Secure customers should:
"stop pushing configurations to appliances with the [workaround] XML in place... it stops some key web services from functioning, and stops the mitigation from functioning"
Surely no regrets with Ivanti purchases here.
forums.ivanti.com/s/article/KB...
January 23, 2024 at 2:50 AM
Only today did Google Nest send me a warning that my furnace started experiencing problems on January 9. Thanks for the tip, but guess what? I started noticing that there was trouble when... the house WAS COLD! Why was this information held back for a week and a half? 🤦‍♂️
January 20, 2024 at 3:23 PM
Python:
If you choose to explicitly enable shell=True, it's the application's responsibility to avoid shell injection vulnerabilities.
Ivanti:
(Hold my beer)
YOLO!!!!!!!1
January 18, 2024 at 5:55 PM
Ivanti Connect Secure CVE-2023-46805: You can access resources by prefixing with any number of no-auth resources and directory traversal to where you want to go. CVE-2024-21887: Command injection with certain targets. Paying customers can mitigate the former.
attackerkb.com/topics/AdUh6...
January 16, 2024 at 9:37 PM
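Added example, not part of the original post and not Ivanti's code: the bug class the post above describes for CVE-2023-46805, where an allowlist of no-auth prefixes is matched against the raw request path, shown beside a check that canonicalizes first. The prefixes, function names and sample paths are hypothetical and constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical prefixes served without authentication (not Ivanti's real routes).
NO_AUTH_PREFIXES = ("/public/", "/health/")


def naive_is_no_auth(path: str) -> bool:
    """Flawed: matches the raw request path, so a no-auth prefix followed by
    '../' segments passes the check but resolves somewhere else."""
    return path.startswith(NO_AUTH_PREFIXES)


def canonicalize(path: str) -> str:
    """Decode once, reject ambiguous input, then collapse '.' and '..'."""
    decoded = unquote(path)
    if unquote(decoded) != decoded:  # still encoded after one pass
        raise ValueError("double-encoded path")
    if "\x00" in decoded or "\\" in decoded:
        raise ValueError("illegal character in path")
    # Force a single leading slash; normpath would keep a leading '//'.
    return posixpath.normpath("/" + decoded.lstrip("/"))


def hardened_is_no_auth(path: str) -> bool:
    """Match the allowlist against the canonical path only; fail closed."""
    try:
        canon = canonicalize(path)
    except ValueError:
        return False
    # The appended slash lets '/public' match while '/publicity' does not.
    return (canon + "/").startswith(NO_AUTH_PREFIXES)


# Constructed request paths for illustration.
SAMPLES = [
    "/public/logo.png",
    "/public/../admin/run",
    "/public/%2e%2e/admin/run",
    "/public/%252e%252e/admin/run",
]


def compare(paths=SAMPLES):
    """Return (path, naive verdict, hardened verdict) for each sample."""
    return [(p, naive_is_no_auth(p), hardened_is_no_auth(p)) for p in paths]


if __name__ == "__main__":
    for p, naive, hardened in compare():
        print(f"{p:32} naive={naive!s:5} hardened={hardened}")
```

The request handler has to dispatch on the same canonical path that was checked; authorizing one form of the path and routing on another reintroduces the gap.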
CVE wonders:
Apache created CVE-2023-49070 to capture: "Our OFBiz product has Apache XML-RPC, which is vulnerable to CVE-2019-17570".
This seems... wrong?
If every vendor created a new CVE to capture "Hey, we use library <foo> that already has a CVE", how can this possibly scale?
January 16, 2024 at 6:42 PM
So apparently starting with Linux 5.18, ASLR is weakened for 64-bit executables, and absolutely BROKEN (i.e. not present) for 32-bit executables when the library is 2MB or larger.
Oops? 🤦‍♂️
zolutal.github.io/aslrnt/
(Insert desire for BlueSky to support animated GIFs here)
January 12, 2024 at 5:32 PM
Let's use Ivanti VPN CVE-2024-21887 CVE-2023-46805 as an example of magical thinking.
If you think your web server was compromised, would you use a remote web browser to confirm whether this is true?
This is what the "external" ICT workflow does.
Thoughts and prayers to customers.
January 11, 2024 at 2:06 PM
I'll admit it. I'm giddy.
October 21, 2023 at 9:04 PM
Well, forcing Twitter users to now invent their own headlines is going exactly as absolutely everyone could have predicted.
I really wish this exodus would happen quicker than the current pace. 😕
October 8, 2023 at 1:30 PM
Meanwhile on the smoldering remains of the Twitter site:
Elmo finds a way to make it better for the worst people on the planet.
I also love how it says "subscribed", which I'm clearly not, and have had the account blocked for years.
August 18, 2023 at 5:27 PM
It's so embarrassingly weird over at that other site.
My hope is that BlueSky will get to the point where it's open to the public before Twitter explodes and/or the exodus actually happens.
Otherwise, it'll just be a fun little experiment.
August 2, 2023 at 2:42 PM