Malicious Git repos could see an attacker remotely execute code on your system

-
Malicious Git repos could see an attacker remotely execute code on your system
By Matthew Hughes


If you use Git, it’s time to update it. Like, now. The latest version of the popular source management software addresses two frightening bugs, which could see an attacker execute their own arbitrary code on a victim’s computer, should the latter clone a malicious repository. The first bug has a CVE number of CVE-2018-11235, and was reported by security researcher Etienne Stalmans. This exploits a flaw in Git where sub-module names provided by the .gitmodule file are improperly validated when appended to $GIT_DIR/Modules. This leaves it open to a pretty standard directory hopping attack. Including “../” in a name could…

This story continues at The Next Web


May 30, 2018 at 10:38PM
via The Next Web https://ift.tt/2LKQpdJ

Comments

Post a Comment

Popular posts from this blog

ASMR videos could be a new digital therapy for mental health

-
Image
ASMR videos could be a new digital therapy for mental health By The Conversation You may know “ASMR” as the niche genre of YouTube video which people watch on tablets and laptops to help them relax, perhaps before bed or in the lull of a Sunday afternoon. These videos typically involve someone role-playing a mundane professional service, such as giving you a haircut, a massage, or booking you in for a doctors’ appointment. The role-plays are usually performed in whispered voices, with the “ASMRtist” (the term for the creators of these videos) focused on building a feeling of intimacy and emphasizing any crisp sounds or slow hand movements. But what exactly is ASMR, and… This story continues at The Next Web October 4, 2018 at 01:08PM via The Next Web https://ift.tt/2DTwEkg
Read more

Fairies and deepfakes: a brief history of visual trickery

-
Image
Fairies and deepfakes: a brief history of visual trickery By The Conversation “Deepfake” is the name being given to videos created through artificially intelligent deep learning techniques. Also referred to as “face-swapping”, the process involves inputting a source video of a person into a computer, and then inputting multiple images and videos of another person. The neural network then learns the movements and expressions of the person in the source video in order to map the other’s image onto it to look as if they are carrying out the speech or act. This practice was first used extensively in the production of fake pornography in late 2017 – where the faces of… This story continues at The Next Web September 25, 2018 at 07:13PM via The Next Web https://ift.tt/2Oc2SLs
Read more

This Hacker News thread is a masterclass in how to put down your damn smartphone

-
Image
This Hacker News thread is a masterclass in how to put down your damn smartphone By Bryan Clark While it’s not worth rehashing the details, I believe most of us would agree that smartphones are both good and bad. On the one hand, we have a device that holds the vast majority of human knowledge. It’s an invention responsible for a shift in power that democratizes information and empowers those most capable of dispensing it — in theory, at least. On the other, we have a doomsday device responsible for wrecking societal norms (for better or worse) and leading to a population that’s sleep deprived, anxious, and generally unhappy — among other things. Ignorance, as they say, is… This story continues at The Next Web April 25, 2018 at 04:31AM via The Next Web https://ift.tt/2HWveUq
Read more