clifff @clifff

0 posts0 participants0 posts today

Replied in thread

**Kevin Karhan** @kkarhan@infosec.space · Mar 4 *

@GossiTheDog the sheer fact that #MSPs & #CSPs can access clients' setups without proper #authorization [including #KYC / #KYB, #AuthCode|s and proper authorization via contract] is already sickening.

This literally begs to be abused via #SocialEngineering / #SocialHacking of #Microsoft personnel or just blatant "#PrivilegueEscalation" through falsefully claiming to be a #MSP / #CSP contracted by the targeted company.

Such fundamental #ITsec fuckups are reasons alone not to use #Azure or any #Microsoft products & services at all...

I mean, it doesn't require #Mitnick-level skills to pull this off, since it doesn't necessitate #Lapsus-Style #SIMswap or other means to gain access...

CyberplaceKevin Beaumont (@GossiTheDog@cyberplace.social)Attached: 3 images This is the partner.microsoft.com portal, it allows CSPs - Cloud Solution Providers - to gain access to their customer's environments. CVE-2024-49035 was around improper privilege management, i.e. being able to access things you shouldn't. It being in CISA KEV says it was being exploited in the wild. That portal allows a huge footprint of access by design.

#mitnick #lapsus #simswap

**Th3Geo** @Th3Geo@meow.social · Feb 17

Feb 17

Th3Geo @Th3Geo@meow.social

Art Prize

For chocosnowflake @ BSky!

- Drawing Type:
Normal Style / Cell Shading / Icon

- [ 1 ] Character/s:
* Furry / Male / Wolf

- Background:
Flat Color

- Description:
Icon of a white wolf with grey details on his face and ears; also with red hair, eyes and a red circle on his face.. He's looking at the viewer pacefully

#prize #drawing #digital

**CrickettGrrrl or Va.** @CrickettGrrrlDraws@pixelfed.social · Jan 26

Jan 26

CrickettGrrrl or Va. @CrickettGrrrlDraws@pixelfed.social

WiP…

#clipstudiopaint #CSP #cat #dogs #desk #terrier #hello #unfinished

#unfinished

**Quillful (she/they)** @quillful@writing.exchange · Jan 7

Jan 7

Quillful (she/they) @quillful@writing.exchange

Here's my #MondayMotivation to myself! Practicing mid art is how you start making good art, lol.

#dragonage #dragonage2 #da2

**Th3Geo** @Th3Geo@meow.social · Jan 4

Jan 4

Th3Geo @Th3Geo@meow.social

Commission

For TechyFoxtrot @ Telegram! Thank you~

- Drawing Type:
Normal Style / Flat Color / Fullbody

- [ 1 ] Character/s:
* Furry / Male / Fox
* Furry / Male / Bird

- Background:
Simple

- Description:
An orange fox and Panchito [From "Ducktales"] playing a song, so the fox it's holding a guitar and Panchito is holding a mic

#comms #commission #drawing

**Th3Geo** @Th3Geo@meow.social · Jan 3

Jan 3

Th3Geo @Th3Geo@meow.social

Commission

For OhHeyTDK @ Telegram! Thank you~

- Drawing Type:
Normal Style / Cell Shading / Thigh Up

- [ 2 ] Character/s:
* Furry / Male / Dragon
* Furry / Male / Wolf

- Background:
Simple [Christmas tree]

- Description:
A green dragon and a grey wolf hugging each other in front of a Christmas tree while wearing some Christmas hats and seying each other with love

#comms #commission #drawing

**CrickettGrrrl** @CrickettGrrrl@toot.community · Jan 1

Jan 1

CrickettGrrrl @CrickettGrrrl@toot.community

At least THIS drawing challenge was finished. Prompts were: lighthouse, cat, granny. Gratuitous addition of the Belafonte in the turbulent waves.
#drawing #drawingchallenge #CSP #clipstudiopaint #cat #granny #lighthouse #storm #illustration

Drawing depicting nighttime storm clearing, & massive cat with beams of light coming from his eyes because he’s also a lighthouse. His owner is an elderly lady with hair in a bun & she looks worried. In the storm-tossed sea there is a tiny ship, the Belafonte (an ode to Wes Anderson’s film “The Life Aquatic”) & all of it’s lights are on. The storm is passing & beginning to show many stars among the clouds.

**CrickettGrrrl** @CrickettGrrrl@toot.community · Dec 21, 2024

Dec 21, 2024

CrickettGrrrl @CrickettGrrrl@toot.community

An oldie speed painting from 2015.
¯\_(ツ)_/¯
#drawing #doodle #CSP #tinydragon #dandelions #dragonwings

An oldie drawing I did of a tiny dragon leaping out of the grass amongst dandelion puffs. He has a sort of yellow puff on his head like his natural camouflage is to resemble a dandelion.

**DOKU** @dokukisu@mastodon.art · Dec 17, 2024

Dec 17, 2024

DOKU @dokukisu@mastodon.art

Neko maid sketch

This adorable neko maid sketch was so much fun to draw!
Thank you to my client for trusting me with their vision

#anime #animeartist #digitalart

**Cyclone** @cyclone@infosec.exchange · Dec 10, 2024 *

Dec 10, 2024 *

Cyclone @cyclone@infosec.exchange

#CynosurePrime has released #rlite, a lightweight alternative to #rling. Designed for fast #wordlist #sorting, #deduplication, and simple analytics.
https://forum.hashpwn.net/post/204
#hashpwn #rling #CsP #hashcracking

**CrickettGrrrl** @CrickettGrrrl@toot.community · Dec 7, 2024

Dec 7, 2024

CrickettGrrrl @CrickettGrrrl@toot.community

Still caturday here. An oldie, maybe unfinished, illustration.
#caturday #cat #kitten #drawing #illustration #CSP #MastoArt #whiskers

Illustration I made of a white kitten with blue eyes & some black spots & ears, on top of a terracotta-tiled wall. Expression is startled, tiny pointy tail is straight up.

**martinakraus** @MartinaKraus11@fosstodon.org · Oct 31, 2024

Oct 31, 2024

martinakraus @MartinaKraus11@fosstodon.org

Mein erster Artikel bei @heiseonline

Irgendwie freut mich das riesig.
Da komme bestimmt noch einige mehr

#security #csp

https://www.heise.de/hintergrund/Web-Security-Mit-Content-Security-Policy-gegen-Cross-Site-Scripting-Teil-1-9998046.html

DeveloperWeb-Security: Mit Content Security Policy gegen Cross-Site Scripting, Teil 1XSS-Schwachstellen sind nach wie vor ein Einfallstor für zahlreiche Angriffe im Web. Eine Content Security Policy hilft bei der Abwehr.

**Th3Geo** @Th3Geo@meow.social · Oct 11, 2024

Oct 11, 2024

Th3Geo @Th3Geo@meow.social

Commission

For No0o @ FurAffinity! Thank you~

- Drawing Type:
Normal Style / Cell Shading / Halfbody

- [ 1 ] Character/s:
* Furry / Male / Bunny

- Background:
Simple [Yellow gradient]

- Description:
A brown bunny with black hair and nails stretching himself while wearing a black shirt that says "I'M SORRY I'M LATE I'M GAY AND I WAS HAVING GAY SEX" as well of some black shorts

#comms #commission #drawing

**Paolo Melchiorre** @paulox@fosstodon.org · Sep 30, 2024

Sep 30, 2024

Paolo Melchiorre @paulox@fosstodon.org

TIL secure.py

"Lightweight modern Python library to add security headers (CSP, HSTS, etc.) to Django, Flask, FastAPI, and more. Secure defaults or fully customizable."

https://github.com/TypeError/secure

GitHubGitHub - TypeError/secure: Lightweight modern Python library to add security headers (CSP, HSTS, etc.) to Django, Flask, FastAPI, and more. Secure defaults or fully customizable.Lightweight modern Python library to add security headers (CSP, HSTS, etc.) to Django, Flask, FastAPI, and more. Secure defaults or fully customizable. - TypeError/secure

#Python #library #security

**the fediverse chic Ⓐ** @mynameistillian@plush.city · Sep 17, 2024 *

Sep 17, 2024 *

the fediverse chic Ⓐ @mynameistillian@plush.city

https://www.tumblr.com/fenmere/761835831982948352

YO ALL ARTISTS WHO USE KRITA, CSP AND PROCREATE: PLEASE READ THIS AND CHECK YOUR COLOR SETTINGS.

there's a chance that your program had been using incorrect color settings and thus all of your works and ref sheets might have been desaturated or looking wrong

TumblrThe FenworksJust to make a point, every time I finished a panel of this I would export it as a PNG on the perceptual setting and use it as a color reference for the next panel IT'S BAD PLEASE CHECK YOUR COLOR…

#krita #csp #clipstudiopaint

**Tina M Casey** @Casey@newsie.social · May 16, 2024

**Tina M Casey** @Casey@mastodon.green · May 16, 2024

**Third spruce tree on the left** @tezoatlipoca@mas.to · May 6, 2024

May 6, 2024

Third spruce tree on the left @tezoatlipoca@mas.to

I'm still doing some debugging of some #CSP #Content #Security #policy #cookie setting on my web service.

I can see the right `Set-Cookie` content being sent back in the `Response Headers` but I cannot for the life of me figure out why #Firefox is rejecting it. Meanwhile #Edge sets the same cookie fine. And in the past, when I use Edge's dev tools to inspect the page and it rejects the cookie, I get a little symbol that tells me *why*.

**Third spruce tree on the left** @tezoatlipoca@mas.to · May 3, 2024

May 3, 2024

Third spruce tree on the left @tezoatlipoca@mas.to

Can anyone recommend a utility or trick to help diagnose #CSP (Content Security Policy) and #Javascript issues?

Have a web service. Worked great until I put it behind #NGINX, using its default CSP and upstream's js now gets clobbered due to `unsafe-eval`. But I don't want to allow `unsafe-eval`, I want to find out what in my javascript is being flagged. Anyone know a tool that *analyzes javascript for evals and equivalents?* My serch-fu isn't working.

Or do I have to get into #nonces etc.?

**Karsten Schmidt** @toxi@mastodon.thi.ng · Apr 28, 2024 *

Apr 28, 2024 *

Karsten Schmidt @toxi@mastodon.thi.ng

Been busy adding more docs & examples/snippets for the revamped https://thi.ng/csp package, the readme and core operators. Still more to come, but the most important parts & operations are covered now. Please gimme a shout if anything is unclear... I'm aware #CommunicatingSequentialProcesses is yet another fringe technique for many JS/TS devs, but that shouldn't make it any less interesting or elegant, especially these days where async features are fully supported everywhere and there's so much more than ye basic async/await patterns...

(The attached ping-pong example is taken from the updated readme, but barely scratches the surface of what's possible...)

TypeScript source code of a simple CSP-based communication between 2 async concurrent processes. See package readme (link in toot) for the full source....

#ThingUmbrella #CSP #Async

Recent searches

Search options

Administered by:

Server stats:

#csp