KasTas

joined 1 year ago
MODERATOR OF
[–] [email protected] 1 points 3 months ago

So, cloning a malicious repository on GitHub Codespaces using GitHub CLI will always leak the access token to the attacker’s hosts.

baha

 

Laughed my ass off:

"Since QEMU is a legitimate tool that is also digitally signed, Windows does not raise any alarms about it running, and security tools cannot scrutinize what malicious programs are running inside the virtual machine."

[–] [email protected] 1 points 5 months ago (1 children)

What about 38C3 this year? :}

[–] [email protected] 1 points 11 months ago

Excerpt on impact:

The attack can most effectively be carried out by a person who has administrative control over the network the target is connecting to. In that scenario, the attacker configures the DHCP server to use option 121. It’s also possible for people who can connect to the network as an unprivileged user to perform the attack by setting up their own rogue DHCP server.

[–] [email protected] 3 points 1 year ago

yay, signed patches

view more: next ›