@taviso PNA keeps getting announced and then pulled due to, as far as I can tell, compatibility issues with existing systems. But it's a great area for finding vulnerabilities. https://t.co/H1HhkBgEHg lists some I've found. Inc. a Spring MCP vuln.
@PositivFuturist I think you are missing the point when talking about paid-for software. If you can pay 1/10 of the price for something that is "good enough", you will pick that.
@trufflesec I'm guessing part of the reason it's taking so long to fix is working out the best way to unravel this mess. Do you block older keys from accessing Gemini? Create a new type of key meant to be publicly accessible? Any fix breaks some existing users' workflows.
https://t.co/qmJM9ENNrc I've done a few talks on this attack vector, especially as a way to target developers that run services on localhost. Essentially, JS running in the browser can be used to interact, in some circumstances, with services bound to localhost, leading to RCE on the dev's machine in Spring, Quarkus, Spring MCP. Several POCs can be found at https://t.co/wRBRPs8TlY. It's good to see it fixed at the browser level, although another popup is not the way to do it.
You can, of course. You shouldn't, esp. in a business. Apart from the technical issues of limited library support, memory safety etc., the main issue is you find it impossible to get skilled enough developers to maintain it after you have moved on. Java web devs are cheap and plentiful.
@Osinttechnical I'm surprised they still haven't built relatively cheap hangars for their aircraft. These are relatively light FPV drones. Either hangars or just netting would have made this attack less effective. I know this is far from the front, but still.
@jaketeater @Osinttechnical That's true, that makes fibre optic unlikely. So radio link to the container is most likely. I doubt they had RF jammers running at an airfield that far away.