Security Bulletin 2024-07-02

a) regreSSHion, CVE-2024-6387, is an unauthenticated remote code execution vulnerability in OpenSSH’s server (sshd) that grants full root access. It affects the default configuration and does not require user interaction. It poses a significant exploit risk. [link]

Debian 12 users are advised to upgrade to 1:9.2p1-2+deb12u3 immediately. [link]

b) The NGINX PGP signing key has been updated; all NGINX repository users are required to import the new keys. [link]

Just for fun: Now using BigQuery to import my credit card bills and analyze them, lol. (And the highest went to Uber Eats with no competition…)

SELECT
  shop,
  FORMAT_DATE('%Y-%m', date) ym,
  SUM(amount) as `count`
FROM `credit_csvs.utf-8`
GROUP BY ym, shop
ORDER BY count DESC

Replacing my Python analysis script so I can just focus on adding more complex queries for future use.

Interesting finding: emails sent to a Proofpoint-protected MX might get rejected if the source domain has a stronger DMARC policy, e.g. strict DKIM alignment.

https://help.proofpoint.com/Proofpoint_Essentials/Email_Security/Administrator_Topics/Other_Features/Why_does_DKIM_fail

It all begins with a DMARC report I received from Outlook…

<policy_evaluated>
<disposition>none</disposition>
<dkim>fail</dkim>
<spf>pass</spf>
</policy_evaluated>

I was then eager to find out why DKIM failed in this case, and did some tests with a domain that has its MX pointed to pphosted servers. In the end, I was able to reproduce the issue by including a URL link in my email so that it would be rewritten to a URL Defense link; as a result, the email body was modified, which resulted in dkim=fail (body hash did not verify).
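
To see why a rewritten link breaks the signature while harmless whitespace changes do not, here is an added example (not code from this post or from Proofpoint) that computes the DKIM bh= value with RFC 6376 "relaxed" body canonicalization. The message bodies and the rewriter.example.invalid URL are constructed samples, not the real URL Defense format.

```python
import base64
import hashlib
import re


def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 section 3.4.4 'relaxed' body canonicalization."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    out = []
    for line in lines:
        line = re.sub(rb"[ \t]+", b" ", line)  # collapse runs of WSP to one SP
        out.append(line.rstrip(b" "))          # drop WSP at end of line
    while out and out[-1] == b"":              # drop trailing empty lines
        out.pop()
    return b"".join(l + b"\r\n" for l in out)  # an empty body stays empty


def body_hash(body: bytes) -> str:
    """Base64 SHA-256 of the canonical body, i.e. the bh= tag value."""
    digest = hashlib.sha256(relaxed_body(body)).digest()
    return base64.b64encode(digest).decode()


def verify_body(bh_from_signature: str, received_body: bytes) -> bool:
    """The body check a verifier performs before checking the signature."""
    return body_hash(received_body) == bh_from_signature


# Constructed sample bodies (assumptions for illustration).
SENT = b"Hi,\r\n\r\nReport is at https://example.org/q3.pdf\r\n\r\n"
# Only whitespace differs: survives relaxed canonicalization.
WHITESPACE_ONLY = b"Hi,  \r\n\r\nReport is   at https://example.org/q3.pdf\r\n\r\n\r\n"
# Link replaced by a gateway: content differs, so the hash differs.
REWRITTEN = (b"Hi,\r\n\r\nReport is at https://rewriter.example.invalid/"
             b"?u=https%3A%2F%2Fexample.org%2Fq3.pdf\r\n\r\n")

if __name__ == "__main__":
    bh = body_hash(SENT)
    print("bh at signing time :", bh)
    print("whitespace-only ok :", verify_body(bh, WHITESPACE_ONLY))
    print("rewritten link ok  :", verify_body(bh, REWRITTEN))
```

Any verifier that evaluates DKIM after the body has been modified will see the mismatch, regardless of which canonicalization the signer chose.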