Search results for "Bug": 1 - 40 of 88

  • GitHub security update: A bug related to handling of authenticated sessions

    Why did I get logged out of GitHub.com? On the evening of March 8, we invalidated all authenticated sessions on GitHub.com created prior to 12:03 UTC on March 8 out…

    • GitHub - semgrep/semgrep: Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

      This repository contains the source code for Semgrep OSS (open-source software). Semgrep OSS is a fast, open-source, static analysis tool for searching code, finding bugs, and enforcing code standards at editor, commit, and CI time. Semgrep is a semantic grep for code: where grep "2" would only match the exact string 2, Semgrep would match x = 1; y = x + 1 when searching for 2. And it does this in

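      • New 2D action game starring Deedlit of "Record of Lodoss War" announced. A Metroidvania from lady bug, creator of "Touhou Luna Nights" | Famitsu.com, the latest game and entertainment news

        This title is being released as an early access version so that it can be polished further based on user requests. The finished version, in which many of the main characters from the original work are planned to appear, is expected to have six stages in total; when early access begins on March 13, stage 1 will be playable first. The full release is planned for within 2020. Deedlit's untold story leading up to "Record of Lodoss War: Diadem of the Covenant" becomes a 2D action game. "Record of Lodoss War," based on the original work by 水野良 (Ryo Mizuno), is a legendary landmark work that boasts a cumulative series circulation of 10 million copies and 550,000 OVA units shipped, and that rooted fantasy world-building such as elves and magic in Japan. This title turns into a 2D action game the untold story of "Deedlit," the series heroine who is also said to have defined the image of elves, leading up to the new work "Record of Lodoss War: Diadem of the Covenant," released in 2019 for the first time in 12 years. Development is by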

        • May Buddha bless us: never a BUG

          index.js // // _oo0oo_ // o8888888o // 88" . "88 // (| -_- |) // 0\ = /0 // ___/`---'\___ // .' \\| |// '. // / \\||| : |||// \ // / _||||| -:- |||||- \ // | | \\\ - /// | | // | \_| ''\---/'' |_/ | // \ .-\__ '-' ___/-. / // ___'. .' /--.--\ `. .'___ // ."" '< `.___\_<|>_/___.' >' "". // | | : `- \`.;`\ _ /`;.`/ - ` : | | // \ \ `_. \_ __\ /__ _/ .-` / / // =====`-.____`.___ \_____/___.-`_

          • The Apple GPU and the Impossible Bug

            In late 2020, Apple debuted the M1 with Apple’s GPU architecture, AGX, rumoured to be derived from Imagination’s PowerVR series. Since then, we’ve been reverse-engineering AGX and building open source graphics drivers. Last January, I rendered a triangle with my own code, but there has since been a heinous bug lurking: The driver fails to render large amounts of geometry. Spinning a cube is fine,

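            • 伊丹和弘 (in charge of SDGs at The Asahi Shimbun, but mostly posting about other things) on Twitter

              I don't think a Komeito lawmaker should post a tweet that could lead readers to a wrong judgment. It was Komeito that put the reduced tax rate, which was not in the government proposal of the Democratic Party administration at the time, into the three-party agreement, wasn't it? That was reported at the time, and Komeito itself says so on its official website. → What on earth… https://t.co/ZWh0t25BuG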

              • pip/.github/ISSUE_TEMPLATE/bug-report.yml at main · pypa/pip

                • GitHub - rocky-linux/rocky: Rocky Linux is a community enterprise Operating System designed to be 100% bug-for-bug compatible with Enterprise Linux created in response to the effective discontinuation of CentOS.

                  • Gain write permission of repositories with a bug in GitHub Actions

                    2021/04/02 22:28:00 GitHub Actions is a useful feature for the jobs, for example, building, publishing. I found a bug which allows unauthorized users to edit the main branch of the repositories in GitHub. Repositories which enable GitHub Actions are affected but fortunately, the bug exists in a brief window from 2021/02/04 18:42 U

                    • New Linux bug gives root on all major distros, exploit released

                      A new Linux vulnerability known as 'Dirty Pipe' allows local users to gain root privileges through publicly available exploits. Today, security researcher Max Kellermann responsibly disclosed the 'Dirty Pipe' vulnerability and stated that it affects Linux Kernel 5.8 and later versions, even on Android devices. The vuln

                      • Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug

                        About polkit polkit is the system service that’s running under the hood when you see a dialog box like the one below: It essentially plays the role of a judge. If you want to do something that requires higher privileges—for example, creating a new user account—then it’s polkit’s job to decide whether or not you’re allowed to do it. For some requests, polkit will make an instant decision to allow o

                        • How a simple Linux kernel memory corruption bug can lead to complete system compromise

                          In this case, reallocating the object as one of those three types didn't seem to me like a nice way forward (although it should be possible to exploit this somehow with some effort, e.g. by using count.counter to corrupt the buf field of seq_file). Also, some systems might be using the slab_nomerge kernel command line flag, which disables this merging behavior. Another approach that I didn't look

                          • 40 Ms Bug

                            40 millisecond bug This is a small story about tracking down a production bug in a Rust application. I don’t know if there’s any take away from this one for the reader, but it felt interesting so I’m sharing it. A bit of backstory In Avast, we have a Rust application called urlite. It serves as a backend to some other applications, provides them a HTTP API. It’s in Rust because it is latency criti

                            • Apple appears set to extend its Bug Bounty Program, which had drawn criticism from security researchers, to macOS as well.

                              • Linux kernel bug can let hackers escape Kubernetes containers

                                A vulnerability affecting Linux kernel and tracked as CVE-2022-0185 can be used to escape containers in Kubernetes, giving access to resources on the host system. Security researchers warn that exploiting this security issue is easier and more promising than initially estimated, and that patching is an urgent matter sinc

                                • The #1 bug predictor is not technical, it's organizational complexity

                                  (Higher numbers are better. A more detailed description follows.) That's pretty interesting! Organizational structure has the highest precision, and the highest recall. (Again, more on the details later). That's pretty interesting, isn't it? The distance to decision makers and the number of developers working on a project is clearly and unambiguously the issue that is the best predictor of future

                                  • Windows 10 bug corrupts your hard drive on seeing this file's icon

                                    An unpatched zero-day in Microsoft Windows 10 allows attackers to corrupt an NTFS-formatted hard drive with a one-line command. In multiple tests by BleepingComputer, this one-liner can be delivered hidden inside a Windows shortcut file, a ZIP archive, batch files, or various other vectors to trigger hard drive erro

                                    • Google fixes major Gmail bug seven hours after exploit details go public

                                      Google has patched on Wednesday a major security bug impacting the Gmail and G Suite email servers. The bug could have allowed a th

                                      • Uncovering a 24-year-old bug in the Linux Kernel

                                        As part of our standard toolkit, we provide each developer at Skroutz with a writable database snapshot against which she can develop. These snapshots are updated daily through a pipeline that involves taking an LVM snapshot of production data, anonymizing the dataset by stripping all personal data, and transferring it via rsync to the development database servers. The development servers in turn

                                        • A lazy fix 20 years ago means the Y2K bug is taking down computers now

                                          • CVE-2023-34152: Shell Command Injection Bug Affecting ImageMagick

                                            by do son · May 31, 2023. In the world of open-source software, ImageMagick has long been revered as a potent tool for raster and vector image manipulation. Its vast array of capabilities—ranging from the display, conversion, and editing of more than 200 image file formats to diverse manipulation operations such as resizing, cropping,

                                            • Mitski - Bug Like an Angel (lyric video with Japanese translation) - YouTube

                                              “Bug Like an Angel” from the album ‘The Land Is Inhospitable and So Are We’ by Mitski, Japanese lyrics. Listen: https://Mitski.lnk.to/TLIIASAW Order on Black, Pink Aster or Gold Metallic Vinyl: https://mitski.lnk.to/TLIIASAW-Physical Watch the official Bug Like an Angel music video: https://www.youtube.com/watch?v=5WW7cuAm-7Y https://mitski.com/ https://www.twitter.com/mitskileaks https://www.i

                                              • Zoom Bug Could Have Let Uninvited People Join Private Meetings

                                                If you use Zoom to host your remote online meetings, you need to read this piece carefully. The massively popular video conferencing software has patched a security loophole that could have allowed anyone to remotely eavesdrop on unprotected active meetings, potentially exposing private audio, video, and documents shared throughout the session. Besides hosting password-protected virtual meetings a

                                                • Fixing bug 109595 makes MySQL almost 4X faster on the Insert Benchmark

                                                  MySQL 8.0.35 includes a fix for bug 109595 and with that fix the QPS is almost 4X larger on the read+write benchmark steps compared to MySQL 8.0.34. Thank you to MySQL for fixing this quickly. I reported the bug in January of 2023. I have been aware of the performance problem for years, but didn't spend time debugging it until this year. I assume this problem was limited to InnoDB because I did no

                                                  • 2020.02.29 CAA Rechecking Bug - Incidents - Let's Encrypt Community Support

                                                    On 2020-02-29 UTC, Let’s Encrypt found a bug in our CAA code. Our CA software, Boulder, checks for CAA records at the same time it validates a subscriber’s control of a domain name. Most subscribers issue a certificate immediately after domain control validation, but we consider a validation good for 30 days. That means in some cases we need to check CAA records a second time, just before issuance

                                                    • Announcing OpenAI’s Bug Bounty Program

                                                      OpenAI’s mission is to create artificial intelligence systems that benefit everyone. To that end, we invest heavily in research and engineering to ensure our AI systems are safe and secure. However, as with any complex technology, we understand that vulnerabilities and flaws can emerge. We believe that transparency and collaboration are crucial to addressing this reality. That’s why we are invitin

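                                                      • Apple expands its Bug bounty program to macOS and other platforms, and will provide security researchers with iPhones on which SSH and a root shell can be used.

                                                        Apple will reportedly apply its Bug bounty program to macOS as well and provide security researchers with iPhones on which SSH and a root shell can be used. Details follow below. Ivan Krstić, Apple's lead engineer for security and architecture, took the stage on August 8, 2019 local time at the security conference "Black Hat USA 2019," currently being held in Las Vegas, and reportedly announced that the "Bug Bounty Program" the company currently offers only for the iOS platform will be expanded to all Apple platforms, including macOS, tvOS, watchOS and iCloud. The technology giant said Thursday it will roll out the bug bounty program to include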

                                                        • Using TLA+ in the Real World to Understand a Glibc Bug

                                                          by Malte Skarupke. TLA+ is a formal specification language that you can use to verify programs. It’s different from other formal verification systems in that it’s very pragmatic. Instead of writing proofs, it works using the simple method of running all possible executions of a program. You can write assertions and if they’re not true for any p

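                                                          • Introducing bug.n in an attempt to use Windows as my main development environment

                                                            Partly because I use a Surface Go as a secondary PC, it had started to bother me that my main environment was not HiDPI, so I tried adding a 4K monitor, but various problems came up when I tried to use it on Linux. First, HiDPI configuration on Linux is still immature, and you have to apply various settings for each application. See the relevant ArchWiki page and the like for details. Well, leaving that aside, in a multi-monitor environment like my current one, where HiDPI monitors and non-HiDPI monitors are mixed, an application configured for HiDPI gets displayed enormously large when shown on a regular monitor, which becomes quite painful. Unifying the environment on HiDPI monitors might be the answer, but personally, the combination of a HiDPI monitor and a high-refresh-rate monitor such as 144 Hz is, for a gamer-engineer right now, the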

                                                            • Panopto: Known Issue/bug For Mac

                                                              PC and Mac - 3.0.5 Beyond - Known Issues Hey Cmdrs, Below is a list of commonly reported issues we're aware of and currently looking into. Please check over this list before submitting a new report and add to the existing report rather than creating a new bug, as it could save you time that I'm sure you would rather spend

                                                              • SonicWall: Patch critical SQL injection bug immediately

                                                                SonicWall has published a security advisory today to warn of a critical SQL injection flaw impacting the GMS (Global Management System) and Analytics On-Prem products. "SonicWall PSIRT strongly suggests that organizations using the Analytics On-Prem version outlined below should upgrade to the respective patched version immediately," warns SonicWall in an advisory. The flaw, tracked as CVE-2022-22

                                                                • The massive bug at the heart of the npm ecosystem

                                                                  Disclosure: I was the Staff Engineering Manager for the npm CLI team between July 2019 & December 2022. I was a part of the GitHub acquisition of npm inc. in 2020. I left GitHub, for various reasons, in December. tldr; a npm package's manifest is published independently from its tarball; manifests are never fully validated against the tarball's contents; the ecosystem has broadly assumed the contents of

                                                                  • SIGRed - Resolving Your Way into Domain Admin: Exploiting a 17 Year-old Bug in Windows DNS Servers - Check Point Research

                                                                    Research by: Sagi Tzadik. Introduction: DNS, which is often described as the “phonebook of the internet”, is a network protocol for translating human-friendly computer hostnames into IP addresses. Because it is such a core component of the internet, there are many solutions and implementations of DNS s

                                                                    • R-sig-mac Bug In R.app Gui 1.40 For Mac

                                                                      Device: Mac OS. Creates sequences in any time-signature. Minor bug fix. ⌘+R to reload cards in currently selected list. UI renovation with extensive set of export options for intuitive. The Mac App for playing the video of the iDashboard driving recorder is capable. Price: $14.99, Version: 1.30 -> 1.40 (iTunes). R-sig-mac

                                                                      • Bug Bounty Guide

                                                                        Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters. A great place to learn about the various aspects of bug bounties, and how you can improve your skills in this area. This service also provides you with a versatile set of tools that can assist you during the launching process of your program or help you find valid security issues on bug bounty progr

                                                                        • Why puma workers constantly hung, and how we fixed by discovering the bug of Ruby v2.5.8 and v2.6.6

                                                                          While running Rails puma servers in production, we were seeing the incident that some old worker processes suddenly got stuck regardless of no change in the amount or trend of requests. I found out the root cause and reported it to the upstream. This issue still exists in Ruby 2.6.0 and can be found as far back as Ruby 2.5.0. If you just want a summary of the bug, see ruby-lang#17669. What Happene

                                                                          • Haruki Sonehara / 🇺🇸 Silicon Valley product manager (B2B, B2C) on Twitter

                                                                            In the US, Bug Bounty Programs (which pay rewards to people who find high-impact security vulnerabilities) have become commonplace, and Google and other major players pay out up to around 100 million yen. Toyota, on the other hand, offers "thanks only." Um, well… https://t.co/dH5KGKrsEF

                                                                            • GitHub - streaak/keyhacks: Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

                                                                              • Hermit: Deterministic Linux for Controlled Testing and Software Bug-finding

                                                                                If you've used emulators for older platforms, you probably experienced a level of precise control over software execution that we lack on contemporary platforms. For example, if you play 8-bit video games emulated on your modern console, you are able to suspend and rewind gameplay, and when you resume, that incoming creatu

                                                                                • Julia 1.5 Feature Preview: Time Traveling (Linux) Bug Reporting

                                                                                  The Julia project, like any large open source project, gets a large number of bug reports every day. As the developers of the language, we try our best to be as responsive as possible and to triage, investigate and fix any bugs as quickly as possible. For some bugs, this is easy. If the bug report is well written and the problem is ev