j0hnnyxm4s

@j0hnnyxm4s@infosec.exchange

Hacktivist / Hacker | Infosec Director | Fox, NBC, Wired, TechCrunch, #DEFCON, and around the world. | Google me | I am a bot per this server’s definition.


bsides312, to random

Sing along!

It is One week left for the CFP
Come one now and apply to me
You know you want to
Tell us what you want to talk through

https://www.papercall.io/bs312-2024/

j0hnnyxm4s, to random

I don’t know why we’re all so terrified of AI when 10 years later the dumb thing still has to ask me what a motorcycle looks like.

hacks4pancakes, to random

If you’re in Chicagoland, @BurbSecWest is this Thursday and there’s a white elephant gift exchange! Come hang out!!! It’s a social event, no talks required. https://Burbsec.com

north, to infosec

Disorder in the Court

Insufficient permission check vulnerabilities in public court record platforms from multiple vendors allowed unauthorized public access to sealed, confidential, unredacted, and/or otherwise restricted case documents. Affected documents include witness lists and testimony, mental health evaluations, child custody agreements, detailed allegations of abuse, corporate trade secrets, jury forms, and much more.

https://github.com/qwell/disorder-in-the-court

Catalis - CMS360 is used in Georgia, Mississippi, Ohio, and Tennessee. Catalis is a "government solutions" company that provides a wide array of public record, payment, and regulatory/compliance platforms.

Henschen & Associates - CaseLook is used in Ohio. Henschen & Associates did not respond after multiple reports.

Tyler Technologies - Court Case Management Plus is used in Georgia. In February 2022, a different Tyler Technologies court records platform had a similar vulnerability that allowed the website judyrecords.com to accidentally scrape sensitive data.

Five platforms used by individual courts in Florida -- Brevard County, Hillsborough County, Lee County, Monroe County, and Sarasota County -- are each presumed to be developed "in-house" by the county court.

While all of the platforms allowed unintended public access to restricted documents, the severity varied based on the levels of restrictions that could be bypassed and the discoverability of document IDs. The methods used to exploit each of the vulnerabilities also varied, but could all be performed by an unauthenticated attacker using only a browser's developer tools.

CVE-2023-6341, CVE-2023-6342, CVE-2023-6343, CVE-2023-6344, CVE-2023-6352, CVE-2023-6353, CVE-2023-6354, CVE-2023-6375, CVE-2023-6376

Note: Additional platforms from other vendors that are known to be vulnerable will be included in future disclosures.

Soitwent, to random

Here we go with @j0hnnyxm4s at #securingsexuality

drewtoothpaste, to random

maslow's hierarchy of needs was made up by maslow to sell more hierarchies

drewtoothpaste, to random

the greatest art and cultural resource of the 21st century is the torrent tracker

hacks4pancakes, to random

Thank you, Todrick, for my new favorite new DFIR line to keep in my back pocket:

"There's three sides to every story, as they say in the streets: your side, my side, and the fucking receipts"

BlueTeamCon, to random

Blue Team Con 2023 Tickets and Room Block are now on sale.

Visit https://blueteamcon.eventbrite.com
