Search results for "https my account microsoft com security info": 1 - 27 of 27

  • Your API Shouldn't Redirect HTTP to HTTPS

    TL;DR: Instead of redirecting API calls from HTTP to HTTPS, make the failure visible. Either disable the HTTP interface altogether, or return a clear HTTP error response and revoke API keys sent over the unencrypted connection. Unfortunately, many well-known API providers don't currently do so. Updates 2024-05-24: Added the Google Bug Hunter Team response to the report that the VirusTotal API resp

    • BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC

      20211210-TLP-WHITE_LOG4J.md Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228) Errors, typos, something to say ? If you want to add a link, comment or send it to me Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak Other great resources Royce Williams list sorted by vendors responses Royce List Very detailed list NCSC-N

      • Are Passkeys really the beginning of the end of passwords? I certainly hope not!

        Are Passkeys really the beginning of the end of passwords? I certainly hope not! Published on 2023-11-09. As of late, Passkeys are promoted as the killer of passwords and a lot of companies are now manically transitioning from passwords to Passkeys. I don't think that is a good idea. For decades now, security experts have emphasized the importance of creating strong and unique passwords yet to no

        • HTTP/1.1 must die: the desync endgame

          Published: 06 August 2025 at 22:20 UTC Updated: 17 October 2025 at 10:13 UTC Abstract Upstream HTTP/1.1 is inherently insecure and regularly exposes millions of websites to hostile takeover. Six years of attempted mitigations have hidden the issue, but failed to fix it. This paper introduces several novel classes of HTTP desync attack capable of mass compromise of user credentials. These technique

          • How to improve Python packaging, or why fourteen tools are at least tw

            There is an area of Python that many developers have problems with. This is an area that has seen many different solutions pop up over the years, with many different opinions, wars, and attempts to solve it. Many have complained about the packaging ecosystem and tools making their lives harder. Many beginners are confused about virtual environments. But does it have to be this way? Are the current

            • .NET 6 is now in Ubuntu 22.04 - .NET Blog

              No trial. No credit card required. Just your GitHub account. .NET 6 is now included in Ubuntu 22.04 (Jammy) and can be installed with just apt install dotnet6. This change is a major improvement and simplification for Ubuntu users. We’re also releasing .NET with Chiseled Ubuntu Containers, a new small and secure container offering from Canonical. These improvements are the result of a new partners

              • 0.8.0 Release Notes ⚡ The Zig Programming Language

                Tier 4 Support § Support for these targets is entirely experimental. If this target is provided by LLVM, LLVM may have the target as an experimental target, which means that you need to use Zig-provided binaries for the target to be available, or build LLVM from source with special configure flags. zig targets will display the target if it is available. This target may be considered deprecated by

                • January 2025 (version 1.97)

                  Update 1.97.1: The update addresses these security issues. Update 1.97.2: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the January 2025 release of Visual Studio Code. There are many updates in this version that we hope you'll like, some of the key highlights include: Next Edit Suggestions (preview) - Co

                  • Top 10 Information Security Threats: Explanatory Guide [Individuals Edition]

                    Top 10 Information Security Threats 2025, Individuals Edition: Sufficient security measures to defend against attacks from any direction. June 2025. This document can be downloaded from the following URL: "Top 10 Information Security Threats 2025, Individuals Edition" https://www.ipa.go.jp/security/10threats/10threats2025.html Table of contents: Introduction; Top 10 Information Security Threats 2025

                    • March 2022 (version 1.66)

                      Join a VS Code Dev Days event near you to learn about AI-assisted development in VS Code. Update 1.66.1: The update addresses these issues. Update 1.66.2: The update addresses these security issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the March 2022 release of Visual Studio Code. There are many updates in this version that we ho

                      • How Discord Rolled Out Yubikeys for All Employees

                        Have you ever found a user at your company who actually likes using multi-factor authentication (MFA), either time-based one-time passwords (TOTP) or push-based MFA? Either method adds friction for users by necessitating a second device for logins while increasing the cost to attackers. However, both have problems. SMS MFA is widely regarded as insecure because of the proliferation of SIM jacking

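                        • Large-Scale Credential Harvesting Without Malware

                          Overview: In recent months, attacks using ransomware and RaaS (Ransomware-as-a-Service) have dominated discussion in the cybersecurity industry, but criminals and hackers also continue to compromise the email of companies, businesses, and individuals for financial gain. These scams, namely business email compromise (BEC) and personal email account compromise (EAC), are among the most widespread cyber threats reported by users every day, and the cost of responding to them is also very high. In its latest annual report, the U.S. Federal Bureau of Investigation (FBI) states that "BEC and EAC accounted for at least $1.86 billion in losses in the United States in 2020, a 5% increase over the losses reported in 2019." Of the cybercrime losses reported in the United States in 2020, fully 45% were attributable to BEC and EAC, and the reported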

                          • Git without a forge

                            [Simon Tatham, 2025-03-05] Introduction Purposes of this article How to interact with a bare git repo What do I prefer in particular? BEST: URL of a git repository + branch name An incremental git bundle A set of patch files from git format-patch A bare diff file generated by git diff WORST: A series of separate emails generated by git send-email Why don’t I use a git forge? Trust Heavyweight Acco

                            • ChatGPT Containers can now run bash, pip/npm install packages, and download files

                              Sponsored by: Teleport — Secure, Govern, and Operate AI at Engineering Scale. Learn more ChatGPT Containers can now run bash, pip/npm install packages, and download files 26th January 2026 One of my favourite features of ChatGPT is its ability to write and execute code in a container. This feature launched as ChatGPT Code Interpreter nearly three years ago, was half-heartedly rebranded to “Advance

                              • October 2025 (version 1.106)

                                Release date: November 12, 2025 Update 1.106.1: The update addresses these issues Update 1.106.2: The update addresses these issues Update 1.106.3: The update addresses these issues Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the October 2025 release of Visual Studio Code. This release brings significant updates across three key areas:

                                • HuggingFaceFW/fineweb · Datasets at Hugging Face

                                  "},"dump":{"kind":"string","value":"CC-MAIN-2013-20"},"url":{"kind":"string","value":"http://%20jwashington@ap.org/Content/Press-Release/2012/How-AP-reported-in-all-formats-from-tornado-stricken-regions"},"date":{"kind":"string","value":"2013-05-18T05:48:54Z"},"file_path":{"kind":"string","value":"s3://commoncrawl/crawl-data/CC-MAIN-2013-20/segments/1368696381249/warc/CC-MAIN-20130516092621-00000-

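                                  • Beware of the fake "ChatGTP" app that closely resembles ChatGPT: the reality of a Chinese-made scam app and how to tell it apart - 社内SEゆうきの徒然日記

                                    This is terrible, and App Store review is sloppy. support.apple.com Beware of the fake "ChatGTP" app that closely resembles ChatGPT: the reality of a Chinese-made scam app and how to tell it apart. ChatGPT has recently been gaining popularity as AI technology advances. Riding on that name recognition, a fake app with the confusingly similar name "ChatGTP" has appeared on the App Store, and many users are confused. This article explains in detail the reality of this Chinese-made app, which uses a name that differs from the real ChatGPT by one character and an icon made to closely resemble it. Of particular note is that the app is produced by a company based in China's Gansu Province and is designed to force payment after a free install. This time, we explain in detail the fake ChatGTP app's country of manufacture and characteristics, the scam's methods, and how to tell it apart from the real one. ## 1. What is the fake "ChatGTP" app: overview of the Chinese-made scam app ##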

                                    • Temptations of an open-source browser extension developer · extesy/hoverzoom · Discussion #670

                                      Over the years, I have received many proposals to monetize this extension so I think I'll just start posting them here for fun (but not for profit). The main reason I continue to maintain this extension is because I can hardly trust others to not fall for one of these offers. I'm fortunate to have a job that pays well enough to allow me to keep my moral compass and ignore all of these propositions

                                      • Attackers Are Hunting High-Impact Node.js Maintainers in a C...

                                        Since we published our initial analysis of the axios compromise, a deep dive into its hidden blast radius, and a report on the maintainer confirming it was social engineering, maintainers across the Node.js ecosystem have come out of the woodwork to report that they were targeted by the same social engineering campaign. The accounts now span some of the most widely depended-upon packages in the np

                                        • Safer Usage Of C++

                                          Safer Usage Of C++ This document is PUBLIC. Chromium committers can comment on the original doc. If you want to comment but can’t, ping palmer@. Thanks for reading! Google-internal short link: go/safer-cpp Authors/Editors: adetaylor, palmer Contributors: ajgo, danakj, davidben, dcheng, dmitrig, enh, jannh, jdoerrie, joenotcharles, kcc, markbrand, mmoroz, mpdenton, pkasting, rsesek, tsepez, awhalle

                                          • Expert used ChatGPT-4o to create a replica of his passport in just 5 minutes bypassing KYC

                                            SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 41 | Security Affairs newsletter Round 519 by Pierluigi Paganini – INTERNATIONAL EDITION | China admitted its role in Volt Typhoon cyberattacks on U.S. infrastructure | Symbolic Link trick lets attackers bypass FortiGate patches, Fortinet warns | Attackers are exploiting recently disclosed OttoKit WordPress plugin flaw | Laboratory Services Cooperative dat

                                            • GitHub - taishi-i/awesome-ChatGPT-repositories: A curated list of resources dedicated to open source GitHub repositories related to ChatGPT and OpenAI API

                                              awesome-chatgpt-api - Curated list of apps and tools that not only use the new ChatGPT API, but also allow users to configure their own API keys, enabling free and on-demand usage of their own quota. awesome-chatgpt-prompts - This repo includes ChatGPT prompt curation to use ChatGPT better. awesome-chatgpt - Curated list of awesome tools, demos, docs for ChatGPT and GPT-3 awesome-totally-open-chat

                                              • Protect your online accounts using Password Monitor - Microsoft Support

                                                Each year, hundreds of millions of usernames and passwords are exposed online when websites or apps become the target of data leaks. Leaked usernames and passwords often end up for sale on the online black market, commonly referred to as the Dark Web. Hackers use automated scripts to try different stolen username and password combinations to hijack people’s accounts. If one of your accounts is bre

                                                • Link collection for Microsoft administrators - Qiita

                                                  Microsoft 365 admin center (Sign-in) (New) https://admin.cloud.microsoft/ (Old) https://admin.microsoft.com (Overview page) https://learn.microsoft.com/ja-jp/microsoft-365/admin a https://admin.microsoft.com/?tenant=nogushunifty.onmicrosoft.com Teams admin center (Sign-in) https://admin.teams.microsoft.com (Overview page) https://learn.microsoft.com/ja-jp/microsoftteams/manage-teams-in-modern-portal Exchange admin center (Sign-in) https://adm

                                                  • Google Chrome at 17 - A history of our browser

                                                    September 2, 2025 Opinions expressed are solely my own and do not express the views or opinions of my employer Introduction I still remember the fall of 2008 when Google launched Chrome - a quirky new browser with a comic book as its press release. As someone who’s spent a long time on the Chrome team, I’ve watched this project grow from a secret skunkworks to a browser used by billions. Chrome tu

                                                    • June 2025 (version 1.102)

                                                      Release date: July 9, 2025 Update 1.102.1: The update addresses these issues. Update 1.102.2: The update addresses these issues. Update 1.102.3: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the June 2025 release of Visual Studio Code. There are many updates in this version that we hope you'll like, some

                                                      • GitHub - ComfyUI-Workflow/awesome-comfyui: A collection of awesome custom nodes for ComfyUI

                                                        ComfyUI-Gemini_Flash_2.0_Exp (⭐+172): A ComfyUI custom node that integrates Google's Gemini Flash 2.0 Experimental model, enabling multimodal analysis of text, images, video frames, and audio directly within ComfyUI workflows. ComfyUI-ACE_Plus (⭐+115): Custom nodes for various visual generation and editing tasks using ACE_Plus FFT Model. ComfyUI-Manager (⭐+113): ComfyUI-Manager itself is also a cu
