I figured out how DMARC works, and it almost broke me

A Record Type Representation Trick

Integer Overflow to RCE — ManageEngine Asset Explorer Agent (CVE-2021–20082)

Issue #76

8/23/2021

or subscribe using...

Github icon for OAuth via Github Google icon for OAuth via Google
A Byte of Coding Issue #76
Howdy
I hope you all had a fabulous weekend. I personally can't complain; did some work, went on a hike, ate some tasty food, got enough sleep. What more could you ask for?

In other news, I've realized that services asking for a phone number for "verification" are really annoying. Why is this such a popular trend? For example, when setting up the official account for this newsletter on Twitter (check it out, for now I'll just be posting announcements for issues being released, but I think I'll also occassionally post interesting articles that don't make it into the newsletter and other fun stuff), they tell me "Please verify your number FOR YOUR SAFETY". What kind of BS is that? It's already been long established that SMS verification--or any phone number related verification isn't very safe (SIM spoofing anyone?). Is it to help reduce bot accounts? Weeeeell that seems to not be the case, since bots are still found a plenty everywhere. I'm guessing that it's, like usually, mainly for ad tracking. Sigh.

Well that's enough of a rant out of me. Here's today's issue.

I figured out how DMARC works, and it almost broke me

Published: 17 August 2021
Tags: email


One of my VPSs got hacked recently, most likely because I (incorrectly) setup a local email server on it. I'd known that it's regarded as a big no no, and usually recommended to just go with a service, but my hubris got the best of me, and I tried to do it regardless. Although Simon Andrews' article isn't related to the internal workings or security of a mail server, it does a deep dive into three essential (yet not very much written about) email DNS records SPF, DKIM, and DMARC that'll help prevent your email domain from getting spoofed.

Read Full Article

A Record Type Representation Trick

Published: 14 August 2021
Tags: scheme


Scheme has been around the 1970s, and is a (Lisp language (, (you know the (ones that love (paranthesis (?)))))). Was that too on the nose? Anyway, Göran Weinholt's technical article explains how "user-defined data types" AKA records are represented in Scheme, how single inheritance is handled in memory, and the trick for optimizing memory allocation for inherited record types in the Loko Scheme compiler.

Read Full Article

Integer Overflow to RCE — ManageEngine Asset Explorer Agent (CVE-2021–20082)

Published: 17 August 2021
Tags: security


The lengths to which malicious actors go to in order to get remote code execution on a machine always facinate me. But I totally understand the drive; the rush must be like solving an extremely challenging puzzle. Fortunately David Wells isn't a malicious actor, and has his article depicts the attack vector, presents the penetration method, and walks through the process, giving us a taste of what it takes to crack into someone's server via a service like "ManageEngine ServiceDesk Plus".

Read Full Article
Thanks for your Support! 

Thanks to supporters like Євген Грицай, Scott Munro, zturak, pek, Emil Hannesbo, and Joe Hill this newsletter is provided to you for (ad) free. If you'd like to also show your support and help out, you can donate on the Patreon page. It's not necessary, but it lets me know that I'm doing a good job and that you're finding value in the content.
Donate Here

Stats (updated daily)

Sent: 1536

Opens: 909

Clicks: 201

Link Clicks Clicks % Unique Clicks Unique Clicks %
I figured out how DMARC works, and it almost broke me 95 47.26% 80 47.90
Integer Overflow to RCE — ManageEngine Asset Explorer Agent (CVE-2021–20082) 47 23.38% 34 20.36
A Record Type Representation Trick 45 22.39% 40 23.95
official account 10 4.98% 9 5.39
Donate Here 4 1.99% 4 2.40

Previous

Back to Issues

Next