➠ Keybase: SOP bypass using browser cache


Summary

An attacker has the ability to extract sensitive information from users' accounts, due to a CORS issue. On a minor note, this also is a cross-site leak, as we can fingerprint what exact Keybase user has accessed the attacker's website.

Information disclosed:

"passphrase_generation":4,"random_pw":false}, "invitation_stats":{"available":60,"used":40,"power":100,"open":0}, "profile":"emails":{"emails":[{"email":"[email protected]","is_primary":1,"is_verified":1,"when_verified":"2016-03-08T22:44:39.000Z","visibility":1,"last_verify_email_date":null}],"primary":{"email":"[email protected]","is_primary":1,"is_verified":1,"when_verified":"2016-03-08T22:44:39.000Z","visibility":1,"last_verify_email_date":null}},"billing_and_quotas":{"plan":{"plan_id":"b40ff8cf58afb4fa7e8dd4dc2c5f651a","plan_name":"BASIC","price_pennies":0,"gigabytes":250,"num_groups":0,"folders_with_writes":500,"billing_status":0,"test_mode":null},"usage","lks_server_half":"a42d3be100454cc98df58d90acd402af57e40119d6a02580edc47128454a47dc","passphrase_generation":4,"last_used_time":1566400369},"private_keys":{"all":{}}

I tested this on my own account, and while there is some serious information disclosure here, I am most concerned by the "private_keys" field. I do not believe I have a private key stored on keybase.io; however, if it turns out that a private key is disclosed here for people that do, I believe this is near critical impact.

Issue Overview

Users can interact with the following endpoint:......

➦ Vulnerabilities / Exploits ☆ vulners.com


➤ Similar posts for 'Keybase: SOP bypass using browser cache'

Web resource caching: Client-side

487.3 points
The subject of Web resource caching is as old as the World Wide Web itself. However, I'd like to offer an as-exhaustive-as-possible catalog of how one can improve performance by caching. Web resource caching can happen in two different places: client-side -

Gaining security and privacy by partitioning the cache

369.6 points
Gaining security and privacy by partitioning the cache In general, caching can improve performance by storing data so future requests for the same data are served faster. For example, a cached resource from the network can avoid a round trip to

Keybase Moves To Stop Onslaught of Spammers on Encrypted Message Platform

278.97 points
From a report: Keybase started off as co-founder and developer Max Krohn's "hobby project" -- a way for people to share PGP keys with a simple username-based lookup. Then Chris Coyne (who also was cofounder of OkCupid and SparkNotes) got involved and

Flaws In Zoom's Keybase App Kept Chat Images From Being Deleted

240.02 points
chicksdaddy writes: The Security Ledger reports that a flaw in Zoom's Keybase secure chat application left copies of images contained in secure communications on Keybase users' computers after they were supposedly deleted, according to researchers from

Comodo's so-called 'Secure Internet Browser' Comes with Disabled Security Features

204.61 points
Beware Comodo Users! Have you Safeguarded your PC with a Comodo Antivirus? Then you need to inspect your system for privacy and security concerns. First of all, make sure whether your default browser had been changed to "Chromodo" -- a free browser offered by Comodo Antivirus. If your head node is "Yes," then you could be at risk! Chromodo bro

Memory-efficient inference with XNNPack weights cache

202.98 points
Posted by Zhi An Ng and Marat Dukhan, Google XNNPack is the default TensorFlow Lite CPU inference engine for floating-point models, and delivers meaningful speedups across mobile, desktop, and Web platforms. One of the optimizations employed in XNNPack is repacki

Some of these libraries may not be found correctly (Anaconda the cause here?)

202.41 points
Does anyone have experience with this kind of error when installing a QT application? My guess is, anaconda has something to do with it in the present case. I am thankful for any help. aking package: lightly-qt 0.4-1 (Mon 08 Feb 2021 10:05:23 CET) ==&g

Announcing the general availability of the new Azure HPC Cache service

195.01 points
If data-access challenges have been keeping you from running high-performance computing (HPC) jobs in Azure, we’ve got great news to report! The now-available Microsoft Azure HPC Cache service lets you run your most demanding workloads in Azure without th

UACME - Defeating Windows User Account Control

193.2 points
Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor. System Requirements: x86-32/x64 Windows 7/8/8.1/10 (client, some methods however works on server version too). Admin account with UAC set on default settings required. Usage: Run executable from command line: akagi32 [Key] [Param] or akagi64 [Key] [Param]. See "Run examples" below for more info.

SharpDPAPI - A C# Port Of Some Mimikatz DPAPI Functionality

186.11 points
SharpDPAPI is a C# port of some DPAPI functionality from @gentilkiwi's Mimikatz project. I did not come up with this logic, it is simply a port from Mimikatz in order to better understand the process and operationalize it to fit our workflow. The SharpChrome subproject is an adaptation of work from @gentilkiwi and @djhohnstein, specifically his SharpChrome project. However, this version of SharpChrome

Regex Performance Improvements in .NET 5

162.33 points
The System.Text.RegularExpressions namespace has been in .NET for years, all the way back to .NET Framework 1.1. It’s used in hundreds of places within the .NET implementation itself, and directly by thousands upon thousands of applications. Across all of t
