Tux Machines

Security and Proprietary Leftovers

Posted by Roy Schestowitz on Dec 05, 2022

OVE-20221101-0001: counter.social "private" account bypass - Xe Iaso

Incorrect configuration on counter.social allowed random people on the internet to stalk counter.social users without having an account. Included are numerous methods people could use to bypass the "private" account system to stalk counter.social users without having to authenticate. There is also a paid account feature bypass that allowed any user to trivially create a user account token with the API and then have the same privilege as the web client. This normally requires a paid account, but a client that chooses to opt out of the security measures didn't require a paid account.

Can we block the addition of local Microsoft Defender Antivirus exclusions? [Ed: Fake security from company that opens back doors for the NSA]

Rubenerd: Website security word salad

This is CSI Miami-level fluff. What sort of encryption? Where? For what data? Not compromised “in any other way” is either careless phrasing or a Freudian slip, and “complete safety” is impossible.

Apple’s Chinese dream is over

Of all the conversations I’ve had this week with senior people who were once in charge of building Apple products in China, one comment stuck out: China is “not just a location. It was also an era.”

Software horror show: SAP Concur

This complaint is a little stale, but maybe it will still be interesting. A while back I was traveling to California on business several times a year, and the company I worked for required that I use SAP Concur expense management software to submit receipts for reimbursement.
At one time I would have had many, many complaints about Concur. But today I will make only one. Here I am trying to explain to the Concur phone app where my expense occurred, maybe it was a cab ride from the airport or something.
