security

This blog post covers a boring local privilege escalation bug in iStat Menus due to a misconfigured folder permission. I was honestly surprised this was overlooked, since there were other recently disclosed vulnerabilities, one of which was way more interesting. Read here. TL;dr Insecure world-writable folder allowing privilege escalation Affected versions < 7.20.5 with Install Helper component No profit (a reboot is required) A CVE has been requested Description In my day-to-day job I occasionally review software for security issues....

Update 3/11/2025: The issue has now been resolved. This will probably be fixed in a few hours. As for the 7 people that actually use cloudflared (like me :P) here’s a quick fix. A cached copy of the file is available here. Public key rollover I recently tried upgrading the cloudflared package on my Fedora 42 system. But received a warning about invalid signature due to an expired key. Official documentation about a Public Key Rollover on 30th October 2025....

I recently upgraded my home network router from a pfSense SG-1100 to a Ubiquiti Unifi Gateway Ultra. The main reason I upgraded was because I already had a unifi switch and unifi wireless access points, and so wanted to complete the eco-system. ISP limitation My ISP uses Carrier-Grade NAT or CGN which means it uses a IPv4 network shared with other house-holds. It also means I cannot port forward services like VPNs to the Internet....

Since last April in 2016, the main BBC Homepage has been accessible only via HTTPS, which I thought was a good step forward, heading in the right direction. However, most pages or URLs still use insecure HTTP. Trying to navigate to a page while manually typing HTTPS in the browser address bar will force a 301 re-direct to HTTP. Here’s an example of cURL while navigating to /news/ path: $ curl -IL https://www....