This is far from an exhaustive list of the .gov domain. Perhaps it is only the ones managed at the Top level. For instance, Texas.gov is listed here, but none of the subdomains are. For example gov.texas.gov,…
Zoom does have the ability to stream the a/v to an RTMP server. https://support.zoom.us/hc/en-us/articles/115001777826-Live-...
I think there were several different draft orders depending on years. I assume this is only using the first lottery, which only applies to people born through 1950. There were additional ones.
What about user certs. Some windows systems allow for authenticating with a user cert. depending on how bad the validation bug is, seems like spoofing a user certificate could be a valid attack vector.
This is what I’m guessing
I don’t think this is ultimately the vulnerability, but even without SNI, it’s arbitrary to dynamically link to a file, script, png, etc... hosted on a sub domain with the bad cert.
You should be able to redirect there mac user folder as well (obviously not with group policy), but it depends on how your mac users are setup. Do you create local user ids for them, are are you joined to an AD domain?
I thought it was Al Gore?
I'm currently using redis in a pair of applications, one of which also uses pub/sub. I have many other applications which would benefit from the caching layer that redis provides, and since they currently have none…
Does it include pub/sub?
And it appears that the Indian Premier league has a jsonp based api. This gets you the matches: http://datacdn.iplt20.com/dynamic/data/core/cricket/2012/ipl... Then with the match id you can get the score.…
Not sure, but it looks like the ICC has an api here. https://cricketapi-icc.pulselive.com/fixtures?matchTypes=T20... Not sure if it is documented, but looks like you can kind of reverse it based on the query string…
This is an interesting humble brag from google, considering there have been several (at least 3) posts to hacker news this year concerning scam ads on some rather high profile search results (youtube.com, bestbuy.com,…
Yeah, the ads for windows support show up, however they all actually link to where the add says they do. In the case of the youtube and amazon ones today, the add link showed amazon.com and youtube.com respectively, but…
I agree with your take. This should absolutely be taken more seriously. At the very least this site is a scam site, and it seems possible that it is even more nefarious. Google ads are supposed to be very credible,…
I'd add, the page source has some Cyrillic script in it, and it also has some embedded base64 encoded media, one of which doesn't appear to decode into anything properly. Maybe they are trying some undisclosed exploit?
There was post early today (https://news.ycombinator.com/item?id=13463263) where the same issue was happening, but the search was for youtube. The hoax site looked just like you are describing. Interestingly, I am no…
I rarely see it discussed in articles like this, but Apple OS X Server has a cache service that is relatively simple to setup. It provides a local network cache for OS X and iOS downloads (also app store). It wouldn't…
This is the sixth time this article was posted. It also is somewhat biased, not that anyone wants to have an intellectual conversation about gun control.
Whatever stack you are already familiar with. For a more in-depth answer you might need to provide more details. For example, are the mobile clients requiring native application functionality, or is a mobile (or…
Just to alleviate your confusion, Acevedo can survive an election, because Chief of Police is an appointed position in Austin. He isn't on a ballot anywhere.
This is far from an exhaustive list of the .gov domain. Perhaps it is only the ones managed at the Top level. For instance, Texas.gov is listed here, but none of the subdomains are. For example gov.texas.gov,…
Zoom does have the ability to stream the a/v to an RTMP server. https://support.zoom.us/hc/en-us/articles/115001777826-Live-...
I think there were several different draft orders depending on years. I assume this is only using the first lottery, which only applies to people born through 1950. There were additional ones.
What about user certs. Some windows systems allow for authenticating with a user cert. depending on how bad the validation bug is, seems like spoofing a user certificate could be a valid attack vector.
This is what I’m guessing
I don’t think this is ultimately the vulnerability, but even without SNI, it’s arbitrary to dynamically link to a file, script, png, etc... hosted on a sub domain with the bad cert.
You should be able to redirect there mac user folder as well (obviously not with group policy), but it depends on how your mac users are setup. Do you create local user ids for them, are are you joined to an AD domain?
I thought it was Al Gore?
I'm currently using redis in a pair of applications, one of which also uses pub/sub. I have many other applications which would benefit from the caching layer that redis provides, and since they currently have none…
Does it include pub/sub?
And it appears that the Indian Premier league has a jsonp based api. This gets you the matches: http://datacdn.iplt20.com/dynamic/data/core/cricket/2012/ipl... Then with the match id you can get the score.…
Not sure, but it looks like the ICC has an api here. https://cricketapi-icc.pulselive.com/fixtures?matchTypes=T20... Not sure if it is documented, but looks like you can kind of reverse it based on the query string…
This is an interesting humble brag from google, considering there have been several (at least 3) posts to hacker news this year concerning scam ads on some rather high profile search results (youtube.com, bestbuy.com,…
Yeah, the ads for windows support show up, however they all actually link to where the add says they do. In the case of the youtube and amazon ones today, the add link showed amazon.com and youtube.com respectively, but…
I agree with your take. This should absolutely be taken more seriously. At the very least this site is a scam site, and it seems possible that it is even more nefarious. Google ads are supposed to be very credible,…
I'd add, the page source has some Cyrillic script in it, and it also has some embedded base64 encoded media, one of which doesn't appear to decode into anything properly. Maybe they are trying some undisclosed exploit?
There was post early today (https://news.ycombinator.com/item?id=13463263) where the same issue was happening, but the search was for youtube. The hoax site looked just like you are describing. Interestingly, I am no…
I rarely see it discussed in articles like this, but Apple OS X Server has a cache service that is relatively simple to setup. It provides a local network cache for OS X and iOS downloads (also app store). It wouldn't…
This is the sixth time this article was posted. It also is somewhat biased, not that anyone wants to have an intellectual conversation about gun control.
Whatever stack you are already familiar with. For a more in-depth answer you might need to provide more details. For example, are the mobile clients requiring native application functionality, or is a mobile (or…
Just to alleviate your confusion, Acevedo can survive an election, because Chief of Police is an appointed position in Austin. He isn't on a ballot anywhere.
Just to alleviate your confusion, Acevedo can survive an election, because Chief of Police is an appointed position in Austin. He isn't on a ballot anywhere.