From Security Weekly Wiki
# Apache Releases Security Advisory for Apache Tomcat | CISA
# The man behind Cardplanet credit card market sentenced to 9 years in prison
# Python Arbitrary File Write Prevention: The Tarbomb - ''As an example of how this could work, imagine you’re on your MacBook trying to open a file you just downloaded from your email, accounts_2020_06.tar.gz. From your downloads folder, you would expect the archive to be extracted into a new folder named accounts_2020_06. However, what if the archive contained a file with the path ../.bash_profile and contained a modified version of a bash profile that opened a backdoor on your system? If taken literally, this malicious file would overwrite your valid bash profile and you wouldn’t even know it. Luckily, the macOS archive utility and many other decompression tools check for these scenarios. However, not all do, case in point — tarfile, part of the Python standard library, is vulnerable to this type of attack when used out of the box.''
# Unpatched Wi-Fi Extender Opens Home Networks to Remote Control
# The Internet is too unsafe: We need more hackers

