June 17, 2024

                            June 17, 2024

                June 17, 2024

                        June 17, 2024
Video of the Keynote talk from last T2 infosec conference in history: 

𝒮𝒴𝒮𝒯𝐸𝑀𝒮 𝒜𝐿𝒞𝐻𝐸𝑀𝒴. By @thegrugq. https://t.co/5NrHNuNAmA
— @mikko (@mikko) June 16, 2024

When I check the stats in 24 hours, those view counts better be in the thousands! 

No analysis done, but the raw data is there.

Kornel: "I've compared nearly all Rust crates.io crates to…" - Mastodon
I've compared nearly all Rust crates.io crates to contents of their git repositories. 

Here's a dump of this data (33MB compressed, 150K files): https://lib.rs/data/rust-repo-checks.tar.xz

The comparison algorithm and the JSON format is described here:
https://gitlab.com/lib.rs/main/-/blob/main/tarball/src/comparator.rs

#rustlang

Our ThinkstScapes Q1 edition is now ready to grab at https://t.co/4noer7uyR6

This quarter we picked from ~660 talks & over 1200 blog posts.

As usual, it includes a brief audio summary, and as usual, it's completely free¹.

__

¹ No annoying reg-wall either pic.twitter.com/0rlehGkuCU
— Thinkst Canary (@ThinkstCanary) June 17, 2024

Read this description. How would you classify this vulnerability?

LAN-Side Unauthenticated Access to Management Features: 
Unauthenticated attackers on the same network can force the device to enable telnet service by accessing a specific URL and can log in using the hardcoded credentials obtained from reverse engineering and analyzing the firmware

https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398
Path traversal is correct! Good job

                            Don't miss what's next. Subscribe to the grugq's newsletter: