1000 results for “ktzone”
-
#SpenSenfMastodon Day 4: It is not only since #log4j or #heartbleed that we have known that some important #OpenSource software is little known. #Jamaica and #JVerein may not be a central part of the digital infrastructure, but they are very much a vital tool for the #Finanzbuchhaltung (financial accounting) of many associations, including our sponsoring association @computerwerk. So that we can keep doing our work as a #Verein (association): donate today to https://doku.jverein.de/allgemeine-funktionen/spende instead of #Senfcall!
-
#barmherzigwie (merciful like) the public relations team of @EKMnews. For Holy Week and Easter it is providing a rights-free audio trail ("Hörweg") so that they can burn it to CD today and pass it on. Especially to people who have no internet.
https://www.ekmd.de/aktuell/projekte-und-aktionen/ein-hoer-weg/karwoche-ostern-ein-hoer-weg.html
-
CW: New multi-implementation DNSSEC validation DoS vulnerabilities - CVE-2023-50387 ("KeyTrap"), CVE-2023-50868 (NSEC3 vuln)
(living doc, updated regularly - if you prefer a low-edit post to boost, use https://infosec.exchange/@tychotithonus/111926621712441626)
Looks like DNS-OARC coordinated fixes in advance, but no centralized analysis at first other than the announcement from the team who discovered KeyTrap:
Press release: https://www.athene-center.de/en/news/press/key-trap
Technical paper (released 2/15): https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf
DNS-OARC dns-ops announcement: https://lists.dns-oarc.net/pipermail/dns-operations/2024-February/022436.html
RIPE blog post by one of the authors: https://labs.ripe.net/author/haya-shulman/keytrap-algorithmic-complexity-attacks-exploit-fundamental-design-flaw-in-dnssec/
Apparently builds on this 2019 vulnerability (h/t letoams @defcon.social):
https://essay.utwente.nl/78777/
Details may be still partially embargoed until patching ramps up.
Analysis:
DoS of all major DNSSEC-validating DNS resolvers (servers, but also maybe local resolvers like systemd's?) at the implementation level. Exploitation described as 'trivial'. Both are CVSS 7.5. DNS is a rich ransom target - but some resolver setups don't even validate DNSSEC.
"In 2012 the vulnerability made its way into the implementation requirements for DNSSEC validation, standards RFC 6781 and RFC 6840" (per ATHENE)
Per the Unbound writeup, both vulns require query to a malicious zone (which is probably not hard to trigger, for any DNSSEC-enabled client or server).
Resolution: patch (recommended); disable DNSSEC validation (discouraged, but can buy you time / mitigate active DoS)
Fixes mitigate the exhaustion by putting caps on validation activities. These caps appear to have been missing from most implementations.
Details:
Two DNSSEC DoS CVEs:
CVE-2023-50387 ("KeyTrap"): "DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers" (CVSS 7.5)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
https://seclists.org/oss-sec/2024/q1/125
(KeyTrap was discovered by ATHENE - their press release here has very important detail:
https://www.athene-center.de/en/news/press/key-trap)
CVE-2023-50868: "NSEC3 closest encloser proof can exhaust CPU" (CVSS 7.5)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
MITRE links (now populated):
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50387
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50868
Vulmon queries:
https://vulmon.com/searchpage?q=CVE-2023-50387
https://vulmon.com/searchpage?q=CVE-2023-50868
VulDB:
https://vuldb.com/?id.253829
Resolver status:
BIND (patched - vuln since 2000?):
https://fosstodon.org/@iscdotorg/111924416653890048
https://kb.isc.org/docs/cve-2023-50387
https://kb.isc.org/docs/cve-2023-50868
https://seclists.org/oss-sec/2024/q1/125
https://www.isc.org/blogs/2024-bind-security-release/
(note: posts say "Versions prior to 9.11.37 were not assessed." but also have a range of affected versions starting at 9.0.0 - typo?)
BIND tools:
dig: no validation
kdig: no validation
delv: affected, patched
dnsmasq (patched - 2.90 has fix):
https://thekelleys.org.uk/dnsmasq/CHANGELOG
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html
Knot (patched in 5.7.1):
https://www.knot-resolver.cz/2024-02-13-knot-resolver-5.7.1.html
(kzonecheck also affected, patched?)
ldns-verify-zone:
affected per ATHENE paper
OPNsense (patched):
https://forum.opnsense.org/index.php?topic=38939.msg190655#
pfSense:
(Bundled Unbound: plan appears to be to make a separate package available for manual update?; BIND: optional package)
https://forum.netgate.com/topic/186145/unbound-cve-2023-50387-and-cve-2023-50868/1
https://redmine.pfsense.org/issues/15256
Pi-Hole (uses dnsmasq - patch available)
https://www.patreon.com/posts/dnssec-fix-98498055
https://pi-hole.net/blog/2024/02/13/fixing-two-new-dnssec-vulnerabilities/
PowerDNS (patched - all versions affected):
https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released
https://github.com/PowerDNS/pdns/pull/13781
https://github.com/PowerDNS/pdns/pull/13784
https://seclists.org/oss-sec/2024/q1/130
Stubby:
[?]
https://github.com/getdnsapi/stubby
systemd.resolved:
[?]
Ubiquiti
[?]
Unbound (patched - vuln since Aug 2007):
https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
https://nlnetlabs.nl/downloads/unbound/CVE-2023-50387_CVE-2023-50868.txt
https://seclists.org/oss-sec/2024/q1/126
Library status:
dnspython (GitHub patched):
affected per ATHENE paper
https://github.com/rthalley/dnspython/commit/a1a998938b7370dae41784f8bc0a841dc2addba9
getdns (used by stubby - no patched release?):
affected per ATHENE paper
https://getdnsapi.net/releases/
ldns (not yet patched?):
affected per ATHENE paper
https://github.com/NLnetLabs/ldns
libunbound (used by Unbound):
affected per ATHENE paper
no recent patches?
https://github.com/NLnetLabs/unbound/tree/master/libunbound
Cloud status:
Akamai:
https://www.akamai.com/blog/security/dns-exploit-keytrap-posed-major-internet-threat
Cloudflare:
https://blog.cloudflare.com/remediating-new-dnssec-resource-exhaustion-vulnerabilities
Google DNS:
(stated as patched in Register and SecurityWeek articles)
[?]
NextDNS (patched per forum reply):
https://help.nextdns.io/t/h7yxwc5/does-dnssec-security-hole-keytrap-cve-2023-50387-affect-nextdns
OS status:
Debian:
BIND:
https://lists.debian.org/debian-security-announce/2024/msg00028.html
pdns-recursor:
https://lists.debian.org/debian-security-announce/2024/msg00033.html
Unbound:
https://lists.debian.org/debian-security-announce/2024/msg00027.html
Fedora:
https://bodhi.fedoraproject.org/updates/FEDORA-2024-e24211eff0
FreeBSD:
https://cgit.freebsd.org/ports/commit/?id=58e048cad653819eebf91af5840e4b00f155bb1b
Gentoo:
https://bugs.gentoo.org/show_bug.cgi?id=CVE-2023-50387
Mageia:
https://bugs.mageia.org/show_bug.cgi?id=32846
OpenBSD (unwind):
Red Hat:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2023-50387
https://access.redhat.com/security/cve/CVE-2023-50387
https://access.redhat.com/security/cve/CVE-2023-50868
SUSE:
https://www.suse.com/security/cve/CVE-2023-50387.html
https://bugzilla.suse.com/show_bug.cgi?id=1219823
Ubuntu:
https://ubuntu.com/security/CVE-2023-50387
https://ubuntu.com/security/CVE-2023-50868
https://ubuntu.com/security/notices/USN-6633-1
Windows (Server, DNS Role):
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387
Package status:
BIND:
https://repology.org/project/bind/versions
dnsmasq:
https://repology.org/project/dnsmasq/versions
Unbound:
https://repology.org/project/unbound/versions
GitHub:
https://github.com/advisories/GHSA-8459-gg55-8qjj
Go (Knot module?)
https://github.com/golang/vulndb/issues/2552
Non-coverage: (no mentions known yet)
AWS:
[?]
Azure (Microsoft Server DNS?):
[?]
Cisco Umbrella:
https://umbrella.cisco.com/blog [?]
CoreDNS:
https://coredns.io/blog/ [?]
Infoblox:
https://blogs.infoblox.com/ [?]
Quad9 DNS:
https://www.quad9.net/news/blog/ [?]
News/Press/Forums
https://pducklin.com/2024/02/18/the-scary-dns-keytrap-bug-explained-in-plain-words/
https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/
https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/
https://news.ycombinator.com/item?id=39372384
https://www.darkreading.com/cloud-security/keytrap-dns-bug-threatens-widespread-internet-outages
Detection/Validation:
Check to see if a server is doing DNSSEC validation (if not an open recursive resolver, you may need to query a zone the server is authoritative for):
# zone signed, server DNSSEC-enabled:
$ delv example.net @8.8.8.8
; fully validated
example.net. 4437 IN A 93.184.216.34
example.net. 4437 IN RRSIG A 13 2 86400 20240225232039 20240204162038 18113 example.net. 94G2PRXins1G9ntfklvCq2mvcgqjB0z9FqQXp77lD/wXR4J3D67ceih1 yNgsYYqlIAOoWKXUekux6Zq9aIwszQ==
# zone unsigned, server DNSSEC-enabled:
$ delv google.com @8.8.8.8
; unsigned answer
google.com. 100 IN A 142.250.69.206
Tenable:
https://www.tenable.com/plugins/pipeline/issues/165587
Snyk:
https://security.snyk.io/vuln/SNYK-UNMANAGED-BIND-6245755
Exploits:
(multiple sources describe as "trivial")
https://github.com/knqyf263/CVE-2023-50387 (not tested)
#keytrap #nsec3 #CVE202350387 #CVE202350868 #CVE_2023_50387 #CVE_2023_50868
#dns #dnssec
-
Favorite Books I Read in 2022:
I've been keeping a record of the books I read (on the back of bookmarks) and giving each of them a score as to how I felt/thought about each book upon completing it. Interestingly, at least to me, as I look back over the year, my top favorite now, is not the book I gave the highest score to at the time.
This past year I read 41 different books. (One of them twice.) Not that these works were necessarily written or published in 2022, but that is just the year I read them. (And the book I am currently reading, I am only about a quarter of the way through, so doubt I will finish that this year.)
So here I present a totally subjective list of my favorite books I have read this past year (not necessarily in any order).
1. "Gangsters of Capitalism - Smedley Butler, The Marines, And The Making And Breaking Of America's Empire" by Jonathan M. Katz (2021)
@katzonearth
2. "Not 'A Nation Of Immigrants' - Settler Colonialism, White Supremacy, And A History Of Erasure And Exclusion" by Roxanne Dunbar-Ortiz (2021)
3. "The Women's House of Detention - A Queer History of a Forgotten Prison" by Hugh Ryan (2022) @HughRyan
4.) "Border and Rule - Global Migration, Capitalism, and the Rise of Racist Nationalism" by Harsha Walia (2021) (Oh, FYI this is the book I read twice.)
5) "Begin The World Over" by Kung Li Sun (2022 by AK Press)
and based on how I feel today, what I would say is my favorite of the year is:
6) "Everything For Everyone - An Oral History of the New York Commune 2052-2072" by M.E. O'Brien and Eman Abdelhadi (2022 by Common Notions)
-------
Two strong shout-outs also go to:
"OHIO - On The Validity of Bob's Lanes" by Sean Swain (2022 by Little Black Cart/ LBC Books)
and
"Opposing Torture" by Sean Swain (2022 by Ardent Press)
https://seanswain.noblogs.org
#Books #BooksOnMastodon #2022
-
#ITByte: A #Token is a collection of characters that has semantic meaning for a model. Tokenization is the process of converting the words in your prompt into tokens.
https://knowledgezone.co.in/posts/Tokens-in-Large-Language-Models-6a02b0aabd026a11a1df83df
-
#PhotoOfTheDay: A Dance of Galaxies
These two galaxies are named NGC 4490 and NGC 4485, and they’re located about 24 million light-years away in the constellation Canes Venatici (The Hunting Dogs).
They are the closest known interacting dwarf-dwarf galaxy system where astronomers have observed the interactions between them, as well as been able to resolve the stars within.
-
A #Wormhole is a hypothetical topological feature of spacetime that acts as a shortcut or "bridge" connecting two distant points in the universe.
Theoretically allowed by Einstein's theory of general relativity, navigating one would require exotic matter with negative energy density to keep the throat from instantly collapsing.
https://knowledgezone.co.in/posts/What-is-a-Wormhole-5a7552094cbd6108840b6a04
-
#OnThisDay Alan Turing submitted "On Computable Numbers" for publication (1936) in which he set out the theoretical basis for modern computers.
The Mars #Odyssey found signs of water on planet #Mars (2002).
Today is World #HungerDay.
-
#QuizOfTheDay:"An Essay on Universal History, the Manners, and Spirit of Nations" is a famous work by a famous French writer, historian, and philosopher.
Who was this writer?
A. Rene Descartes
B. Voltaire
C. Montesquieu
D. Albert Camus
https://knowledgezone.co.in/resources/quiz?qId=619a3a8debfc0216f1ffe855
-
#Memories are stored across the #Brain through synaptic plasticity, a process where neural connections are physically strengthened or reshaped when neurons repeatedly fire together.
This initial pattern of network activity is coordinated by the hippocampus before undergoing structural consolidation, eventually embedding the memory permanently into the cerebral cortex.
https://knowledgezone.co.in/posts/How-does-the-Brain-Store-Memory-678603b1a7e475eb5e304048
-
This is what we’ll see when #Betelgeuse goes #Supernova : Medium
#GenZ Is #Pioneering a New Understanding of #Truth : WIRED
The #Brain Processes #Language Even Under #Anesthesia, a New #Study Finds : Time
Latest #KnowledgeLinks
-
#QuizOfTheDay: #Electric #Vehicles use rechargeable batteries to power the electric motors.
What is the most widely used #Battery type for electric vehicles?
A. Nickel-Metal Hydride
B. Lead-Acid
C. Lithium-ion
D. Sodium nickel chloride
https://knowledgezone.co.in/resources/quiz?qId=62a2f7a132decef7388a6a85
-
What Does ‘#Elegance’ Mean in #Math? : Medium
#Scientists Create ‘#Living #Plastic’ That Can Self-Destruct On Command : Misc
Are #Humanoid #Robots all #Hype? : Misc
Latest #KnowledgeLinks