@briankrebs @alex I’ve received private disclosure of a potential vulnerability that I have independently verified as still active. I would disclose it as we are a whole year past the responsible disclosure period, but it’s the state of Georgia and incompetent governments don’t take too kindly to this: https://www.theverge.com/2021/10/14/22726866/missouri-governor-department-elementary-secondary-education-ssn-vulnerability-disclosure
@eb @briankrebs I’ve seen another subtle hack recently: I suppose the CMS hasn’t been patched, so all the content on a website had a few words in each article made into links that also point to some shady pharma site. I wonder if it’s possible to check backlinks from Georgia’s site. But referrer check is 👌. So simple, much efficient!
@briankrebs @eb oh yeah, there’s a lot of horror going on and some gov services don’t even have TLS :) But for what it’s worth, .me is (or was, jury is literally still out on this matter: https://m.cdm.me/english/procedure-for-me-domain-starts-from-very-beginning/) operated by a joint enterprise with GoDaddy and Identity Digital
@briankrebs @eb but I suppose the fact that who operates .me is being disputed doesn’t make you feel any safer 😬
@briankrebs @alex related: my recent https://boehs.org/node/medicicnes