
ASN: AS3462
Location: Taichung, TW
Added: 2025-10-07T11:38
ASN: AS52043
Location: Novomikhaylovskiy, RU
Added: 2025-10-07T11:15
In the hope that this might reach someone who might some day be in a position to decide whether to allow #VPN traffic to their app…
Please understand that this does not just impact your app.
Most devices run background apps that use the network frequently, including privacy-critical apps like Signal.
When you make someone turn off their VPN to use your app, the background traffic for all those _other_ apps also stops using the VPN.
Don't be an #infosec asshole. Stop blocking VPN traffic.
ASN: AS4713
Location: Toyota, JP
Added: 2025-10-07T11:56
ASN: AS212913
Location: Moscow, RU
Added: 2025-10-04T02:44
ASN: AS9286
Location: Seoul, KR
Added: 2025-10-03T09:54
Android spyware disguised as legitimate messaging apps targets UAE victims, researchers reveal https://cyberscoop.com/android-spyware-disguised-as-legitimate-messaging-apps-targets-uae-victims-researchers-reveal/ #cybersecurity #infosec
I submitted a Pull Request to update MacPorts' OpenSSH to 10.1p1 here:
https://github.com/macports/macports-ports/pull/28592
GitHub Continuous Integration checks passed OK!
Alas, the agent.patch that iamGavinJ had created doesn't apply cleanly, in large part because ssh-agent.c has been reworked significantly with this release.
Subsequently, I closed this previous Pull Request: https://github.com/macports/macports-ports/pull/28592 not because I didn't want to restore that functionality to launchd, but because it will require more effort than I can give such things at this time.
But, check out these improvements to ssh-agent from the OpenSSH 10.1 release notes:
"[ssh-agent(1)](https://man.openbsd.org/ssh-agent.1), sshd(8): move agent listener sockets from /tmp to
under ~/.ssh/agent for both ssh-agent(1) and forwarded sockets
in sshd(8).
This ensures processes that have restricted filesystem access
that includes /tmp do not ambiently have the ability to use keys
in an agent.
Moving the default directory has the consequence that the OS will
no longer clean up stale agent sockets, so ssh-agent now gains
this ability.
To support $HOME on NFS, the socket path includes a truncated
hash of the hostname. ssh-agent will, by default, only clean up
sockets from the same hostname.
ssh-agent(1) gains some new flags: -U suppresses the automatic
cleanup of stale sockets when it starts. -u forces a cleanup
without keeping a running agent, -uu forces a cleanup that ignores
the hostname. -T makes ssh-agent put the socket back in /tmp."
Anyway, I updated this as well:
https://trac.macports.org/ticket/72482
I should probably actually close this ticket now that I think of it (fingers crossed that adding that to the PR is sufficient, since I forgot to add that note to the commit message as is typically preferred: https://trac.macports.org/ticket/73084).
#OpenSSH #MacPorts #SecureShell #macOS #encryption #security #infosec
Dear #windows #infosec #security people. My sister is an average Windows user. It appears she has a compromised browser, she tried to download VLC, the compromised browser may have routed her to a different download and now she has some malware called PC App Store.
Other than just sending her a Debian install USB stick which I'd gladly do, what's her best bet for ridding herself of this? Microsoft Defender didn't see any issues. Presumably she can't use a browser to download things reliably...
New attack method "CometJacking" uses URL parameters to spy on Perplexity's AI browser Comet
A recently discovered attack called CometJacking lets attackers send hidden instructions to Perplexity's AI browser Comet via manipulated URLs. These instructions make the AI access sensitive data that is synchronized with connected services such as e-mail and calendar.
The attack is a classic prompt-injection command: in the browser's query string, the parameter field collection is abused to smuggle in malicious instructions. Instead of researching on the web, the manipulated prompt instructs the AI to consult its internal memory and connected services.
Danger: The attack requires neither valid credentials nor any interaction by the victim. The attacker only has to distribute a crafted URL (e.g. via phishing mail or social media post). As soon as a target user opens the URL, Comet executes the malicious commands and delivers the data to the attacker.
And what does Perplexity say about it: nothing dangerous, not a bug.
#infosec #ai #PromptInjection #Phishing #SocialMedia #BeDiS #perplexity #cometAI