Dolboeb-driven Development
729 subscribers
832 photos
132 videos
8 files
638 links
Мое личное ebanoe.it. Истории из первых (чаще всего кривых) рук.

Ваши примеры имплементации DDD => кидайте в чат

*все тексты в данном канале являются художественным вымыслом и не связаны с реальными людьми и компаниями, если не указано иное 😉
Download Telegram
Forwarded from HN Best Comments
Re: Potential session/cache leakage between workspace instances or consumer accounts

This attack is called "HTTP desync" or "request smuggling". It's often done intentionally by a client to try and spy on other clients' responses.

Every time you multiplex requests from multiple clients onto one upstream connection, you are probably vulnerable to this, because (despite its superficial simplicity) HTTP is just too complex to reliably match the requests and responses to upstream.

For example a desync can be triggered in some systems by having more than one Content-Length header, by mixing Content-Length with chunked encoding, or by passing an HTTP/2 header called Content-Length that doesn't match the actual content length.

Here's a DEF CON talk (6 years ago) on this topic: https://www.youtube.com/watch?v=w-eJM2Pc0KI

The same attack has been applied to SMTP by messing up the line endings surrounding the end-of-message delimiter, where it's called SMTP smuggling. It may also apply to other protocols.

pocksuppet, 1 day ago
>Я тут подумав: міністр оборони в Україні це як викладач захисту від темних мистецтв в Хогварсті
😁10🥴1
this is where i post from
👀5😁41🤯1
Forwarded from mapgleos ✙ #УкрТґ
😱5😁1😭1
>“You type in the question or use your voice and it [AI] gives you a detailed answer,
like ‘How can I build a bomb?’ and then it tells you how. It is like a human robot! We
used it a lot.”

>“Before, the bomb explosion was not that big, but then they studied it. AI told us
what chemicals to put in that made the explosion heavier.”

>“We used to rely on our traditional methods. We sent 200 fighters because we had a
lot of strength, but then 60 got killed. With the help of AI, we learned that it
sometimes makes sense to only send 20. We learned more about well-coordinated
attacks and deployment of smaller units.”

>“The white guys assembled the top people in a room. They used a projector to show
how it [AI] works on a big screen.”

>“We have people in different places who set up accounts that can’t be linked to us.
They also pay for the subscriptions.”
“[B]oys that have received extensive training [...] bypass the restrictions. They say
they need it for a movie or something like that.”

>“God has helped us, and so will AI.”
👍4🌚3
Forwarded from mapgleos ✙ #УкрТґ
daily reminder that you can use LLMs to scan this kilometer-long Terms of Service agreements and find some nasty shit that they do with your data
👍14
Forwarded from vx-underground
> malware
> tries to run as admin
> fails
> already running as admin
> didn't check privileges before
> self terminates because thinks isn't admin

This is why you should run every application as Admin, for the 1/1,000,000 chance a malware payload forgets to check it's privilege
😁23
Forwarded from Exilenova+
This media is not supported in your browser
VIEW IN TELEGRAM
Тим часом російські МВГ учаться літати. Як то кажуть аналогов нет 🤭
Please open Telegram to view this post
VIEW IN TELEGRAM
😁15
Forwarded from céleste nouveau🥀
😁9🥰5😱1🕊1
mapgleos ✙ #УкрТґ
Photo
DDR - Dance Dance Revolution
6