Email or username:

Password:

Forgot your password?
daniel://'s posts Post Back to profile
Top-level
daniel:// stenberg://

I posted this image on LinkedIn as well, and the stats there tells me that Cisco is in fact now the third most common employing company among the viewers... (only beaten by AWS and Microsoft)

linkedin.com/posts/danielstenb

16 April at 22:05 | Open on mastodon.social
7 comments
eigenman :chickenroll:

@bagder Well that is a bit ridiculous now isn't it? 🤣

16 April at 22:12 | Open on mstdn.social
spmatich :blobcoffee:

@bagder does this qualify as code bloat? the user agent header is completely arbitrary and can be set to anything.
I mean why single out curl. Shouldn’t the nmap default user agent be in there too? etc etc

16 April at 22:14 | Open on ioc.exchange
daniel:// stenberg://

@spmatich they singled out curl because the exploit proof of concept used curl. They stopped the example command line from working.

16 April at 22:15 | Open on mastodon.social
spmatich :blobcoffee:

@bagder so the exploit just needs an update to include setting the user agent header to something else right, and it could be one of many many many different strings.

16 April at 22:18 | Open on ioc.exchange
daniel:// stenberg://

@spmatich ... and that is exactly why the "fix" is so fun!

16 April at 22:19 | Open on mastodon.social
Filippo Nova
Gen X-Wing

@bagder This makes me want to add a check for curl as the user agent, but only so it sends back a fun message as part of the return headers. Something harmless.

17 April at 0:25 | Open on bitbang.social
Go Up