林博仁 Buo-ren Lin brlin-tw

@Ronmi
Ronmi / desc.md
Created August 17, 2025 18:07
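In-home <del>hypnosis</del> development environment

Preface

Use dnsmasq and wireguard to set up a simple internal development environment. The goal is to get nearly the same experience whether you are on the desktop at home, on a laptop in a café, or on a laptop at home.

Hardware requirements

  • Internet connectivity
  • A public IP for connecting back home from outside (a static IP is best; with a dynamic one you have to work out DDNS separately)
  • NAT
    • The simplest way is to buy a router with decent speed and signal; only its routing, dial-up and firewall functions will be used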
@bagder
bagder / slop.md
Last active November 2, 2025 02:07
AI slop security reports submitted to curl

Slop

This collection is limited to only include the reports that were submitted as security vulnerabilities to the curl bug-bounty program on Hackerone.

Several other issues not included here are highly suspicious as well.

Reports

  1. [Critical] Curl CVE-2023-38545 vulnerability code changes are disclosed on the internet. #2199174
@hackermondev
hackermondev / zendesk.md
Last active October 30, 2025 16:39
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like [email protected]), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

@ethaniel
ethaniel / readme.md
Last active October 11, 2025 00:58
This file explains how to update the firmware of `Aquantia Corp. AQC107 NBase-T/IEEE 802.3bz Ethernet Controller` ethernet controller in Linux

Why

I've noticed RX packet drops on my PCI card (InDroppedDma was too high). I suspected that it was because of a firmware problem, so I decided to try to find a way to update it.

There was no official linux firmware updater, however I found an unofficial one published some time ago, which worked well when combined with the latest firmware.

Use at your own risk, however I didn't experience any problems.

Explanation:

@Sporif
Sporif / kwin-input-devices
Last active July 28, 2025 05:12
Enable or disable input devices on KDE
#!/usr/bin/env bash
# Copyright 2025 Amine Hassane
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
@smx-smx
smx-smx / XZ Backdoor Analysis
Last active June 2, 2025 22:53
[WIP] XZ Backdoor Analysis and symbol mapping
XZ Backdoor symbol deobfuscation. Updated as I make progress
@thesamesam
thesamesam / xz-backdoor.md
Last active November 2, 2025 15:34
xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.

Background

@jflemer
jflemer / install-wine-addon.sh
Created April 8, 2023 15:13
Helper script to install wine-mono and wine-gecko msi files globally (in wine share dir)
#!/bin/bash
# usage: install-wine-addon.sh { mono | gecko }
# keywords: wine-mono wine-gecko msi share/wine/mono share/wine/gecko
go() {
local pkg="$1"
local wineexe=$(readlink /usr/bin/wine)
# e.g. /opt/wine-devel/bin/wine
@wynnchel
wynnchel / x-resize
Created September 8, 2022 06:18 — forked from 3lpsy/x-resize
Manual Implementation of Auto Resizing For Non-Gnome Environments (like XFCE) running under Spice/Libvirt
#!/bin/bash
# Steps:
# 1) Make sure bash is available
# 2) Create udev rule
# - path to new udev rule: /etc/udev/rules.d/50-x-resize.rules
# - udev rule content:
# ACTION=="change",KERNEL=="card0", SUBSYSTEM=="drm", RUN+="/usr/local/bin/x-resize"
# 3) Create /var/log/autores directory
# 4) Create script /usr/local/bin/x-resize (this file) and make executable
# 5) Reload udev rules with `sudo udevadm control --reload-rules`
@SwitHak
SwitHak / 20211210-TLP-WHITE_LOG4J.md
Last active October 14, 2025 08:35
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say ?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams list sorted by vendors responses Royce List
  • Very detailed list NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List