Carlos Mogas da Silva @r3pek@r3pek.org

WordPress 5.1–critical exploit chain that enables an unauthenticated attacker to gain remote code execution on any WordPress installation:

https://blog.ripstech.com/2019/wordpress-csrf-to-rce/

– exploit is possible due to a CSRF vulnerability in comment forms
– fixed in WordPress 5.1.1

#wordpress #rce #csrf #wordpress5 #infosec #cybersecurity #security

~=8 Character Passwords Are Dead=~

New benchmark from the Hashcat Team shows a 2080Ti GPU passing 100 Billion password guesses per second (NTLM hash).

This means that the entire keyspace, or every possible combination of:
- Upper
- Lower
- Number
- Symbol

...of an 8 character password can be guessed in:

~2.5 hours

(8x 2080Ti GPUs against NTLM Windows hash)

#Hacking #Infosec

This website is absolutely awesome when it comes to DNS analysis, really cool graphs too https://dnsdumpster.com/ #DNS #OSINT https://t.co/nlg4nzmiAo

One of the questions I am asked at the #Eunomia meeting, are there any politicians/journalists using Mastodon? Help me out

Sticker idea. Not sure if I'll go with it.

#mastoadmin

does anyone have a script to reset permissions to default on everything in the mastodon directory?

I've seen some pretty new accounts lately. For those of you who are actually new, welcome to the Fediverse!

I'm gonna keep posting this until one of you fucking boosts it

If you wonder how or why so many verified Twitter accounts are getting hacked: scammers made about $180k in a single campaign https://www.iafrikan.com/2018/11/06/elon-musk-bitcoin-twitter-scam-verified-accounts/ #bitcoin #scam cc @elonmusk