blueos - Slashdot User

Comment Re:Explain it to non-technical users (Score 1) 94

by blueos on Monday October 04, 2021 @06:25PM (#61861355) Attached to: Millions Experience Browser Problems After Long-Anticipated Expiration of 'Let's Encrypt' Certificate

In 2035, ISRG Root X1 will expire... game over for your (old) devices.
Only dreamers think that manufacturers will provide an update before the certificates expires for the computers or other devices bought this year.

Tic tac tic tac tic tac

Broken by design [TM]

Submission + - You Can Bypass Authentication on HPE iLO4 Servers With 29 "A" Characters (bleepingcomputer.com)

Submitted by Anonymous Coward on Saturday July 07, 2018 @05:13PM

An anonymous reader writes: Details and public exploit code have been published online for a severe vulnerability affecting Hewlett Packard Enterprise Integrated Lights-Out 4 (HPE iLO 4) servers. The vulnerability is an authentication bypass that allows attackers access to HP iLO consoles. Researchers say this access can later be used to extract cleartext passwords, execute malicious code, and even replace iLO firmware. But besides being a remotely exploitable flaw, this vulnerability is also as easy as it gets when it comes to exploitation, requiring a cURL request and 29 letter "A" characters, as below:

curl -H "Connection: AAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

Because of its simplicity and remote exploitation factor, the vulnerability —tracked as CVE-2017-12542— has received a severity score of 9.8 out of 10. HP silently released patches last year, but details only emerged this spring after researchers started presenting their work at security conferences.

Comment Quote of the year (Score 1) 179

by blueos on Tuesday May 08, 2018 @04:20PM (#56576168) Attached to: Ubuntu Considering an HTML5-Based OS Installer

"a ton of GREAT apps on Ubuntu are Electron apps" -- Mark Shuttleworth For sure, a new installer is the "top priority" issue of Ubuntu OS. https://bugs.launchpad.net/ubu... returns ONLY 137332 open bugs (434 critical)

Comment Cool (Score 1) 267

by blueos on Saturday January 21, 2012 @03:01PM (#38775562) Attached to: Downloads of DoS Attack Tool LOIC Spike

Good to kwow that script kiddies are not using tools like PostTester (http://magic-hash.com) that exploit the recent hash flaws in post requests!

FreeBSD 7.1 Released 324

Posted by CmdrTaco on Tuesday January 06, 2009 @11:10AM from the for-the-1337-amongst-us dept.

Sol-Invictus writes "The FreeBSD Release Engineering Team is pleased to announce the availability of FreeBSD 7.1-RELEASE. This is the second release from the 7-STABLE branch which improves on the functionality of FreeBSD 7.0 and introduces some new features. Some of the highlights: The ULE scheduler is now the default in GENERIC kernels for amd64 and i386 architectures. The ULE scheduler significantly improves performance on multicore systems for many workloads. Support for using DTrace inside the kernel has been imported from OpenSolaris. DTrace is a comprehensive dynamic tracing framework. A new and much-improved NFS Lock Manager (NLM) client. Boot loader changes allow, among other things, booting from USB devices and booting from GPT-labeled devices. KDE updated to 3.5.10, GNOME updated to 2.22.3. DVD-sized media for the amd64 and i386 architectures."

Slashdot Top Deals