Introduction to UPnP
This post gives simple explanations of how UPnP (Universal Plug-and-Play) works, especially with the goal of testing the security of network-enabled devices such as routers, smart TVs, etc.
computer security vulnerability web dns-rebinding firefox
It was possible to bypass the filtering of private IPv4 addresses in the DNS-over-HTTPS (DoH) implementation of Firefox. This is CVE-2020-26961 and Mozilla bug 1672528. It has been fixed in Firefox 83, Firefox ESR 78.5 and Thunderbird 78.5.
A DNS rebinding vulnerability as well as a Cross Site Request Forgery (CSRF) vulnerability in the DIAL (Discovery And Launch) implementation of the Samsung TV UE40F6320 (v1.0), from 2011. This can be used to open any installed application (e.g. Netflix and YouTube) and force the visualisation of a given video in the applications.
A DNS rebinding vulnerability in the Universal Plug-and-Play (UPnP) interface of the Samsung TV UE40F6320 (v1.0), from 2011. This could be used, for example, to change the channel, to find out which channel is currently in use, or to open the built-in browser to any URI.
computer system network security android frida tls reverse-engineering
Some notes about how to write a Frida script, with the (somewhat classic) example of disabling certificate verification for TLS communications in Android applications.
computer security vulnerability web upnp dns-rebinding csrf
CVE-2020-24373 CVE-2020-24374 CVE-2020-24375 CVE-2020-24376 CVE-2020-24377
I found some DNS rebinding vulnerabilities in Freebox devices (CVE-2020-24374, CVE-2020-24375, CVE-2020-24376, CVE-2020-24377) as well as a Cross Site Request Forgery (CSRF) vulnerability (CVE-2020-24373). These vulnerabilities were fixed on 2020-08-05.
This post describes the different software components involved in host name resolution and DNS configuration on GNU/Linux systems. It consists of a diagram and some accompanying explanations. The goal is to give some pointers and references to understand how to troubleshoot host name/DNS resolution problems and configuration problems on GNU/Linux systems.
Some scripts I wrote to enable system-wide push-to-talk (for X11 and PulseAudio). Some people might find them useful for the ongoing lockdown.
Some guidance about configuring/fixing domain name resolution with a corporate Virtual Private Network (VPN), especially OpenVPN, on systemd-based Linux systems. This configuration uses the internal/private corporate resolvers for resolving internal/private domain names while using the ISP resolver for general domain names. This might help if your VPN is struggling these days because of the COVID-19 threat.
Using FlameGraph for displaying disk usage.