0.0.0.0 Day Vulnerability Discovered - Apparently been an issue since 2006

Do I really need to update winblows or whatever over this?
There's a notice on the top of the site that doesn't link to any discussion and there's barely any in this thread
I think the one at the top is a different one (because it dropped Tues and that dropped Mon) but I agree, we need a thread to discuss this bullshit.
 
Do I really need to update winblows or whatever over this?
There's a notice on the top of the site that doesn't link to any discussion and there's barely any in this thread
This is a completely separate issue that should warrant its own thread. And yeah, you should update now unless you know you're unreachable via IPv6, in which case you can defer it until tomorrow.
 
Do I really need to update winblows or whatever over this?
There's a notice on the top of the site that doesn't link to any discussion and there's barely any in this thread
Yes. Update your software if you don't want it to be full of security vulnerabilities, retard
 
Still trying to figure out what exactly is up with this, but it doesn't seem to be just a browser issue but sheer retardation from whatever spec specifies this behavior:
Code:
$ ping 0
PING 0 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.020 ms
$ ping ::
PING :: (::) 56 data bytes
64 bytes from ::1: icmp_seq=1 ttl=64 time=0.026 ms
Why does this work? Why on earth would I ever want 0.0.0.0 or whatever to translate to localhost, let alone some other address?
In fact, from what I find (and understand) so far 0.0.0.0 is in fact not a valid destination address, so go figure.

Although yes, letting browsers fetch any resource willy nilly is retarded and has been a source of security issues since forever, not to mention making every application a webpage when a plain program/script would be fine. Modern internet browsers have a much too broad scope.
I still use uMatrix to disable JS by default, which should keep me a little more safe at least even if a more clever attacker could simply insert <img> tags.
 
Why does this work?
Some IPv4 addresses are special. Here's a list. Rather, here's the list:
We can see the sixteen million and some addresses in the zeroth allocation refer to this network, and the address which is all zeroes refers to this host on this network. When I write a program that reserves a UDP port, this address is used for obvious reasons. The address which is all ones is a broadcast address.

There's no excuse to be unaware of this list, especially for people who are so adamant that their heads are not firmly lodged up their asses, like those idiots at Google.
 
Yes, but note that the same table indicates it is not valid as a destination address.
(likewise, 255.255.255.255/32 is not valid as a source address).
Well, yes, but that just means it gets treated specially by the IP implementation or something else, which appears to be the entire flaw from what I see.
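
The ping output and the special-address discussion above, turned into a defensive check (an added example, not code from any poster in the thread): a filter that only tests for loopback lets 0.0.0.0 and :: through, so this version also treats the unspecified addresses, 0.0.0.0/8 and the shorthand spellings ping accepts as local. The function names and sample hosts are constructed for illustration, and the shorthand parsing assumes a platform whose inet_aton accepts forms like "0" and "127.1", as Linux does.

```python
import ipaddress
import socket

# Destinations a request filter should treat as "this machine".
# 0.0.0.0/8 and :: are the ones the ping output in the thread shows
# being answered by 127.0.0.1 and ::1.
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("0.0.0.0/8", "127.0.0.0/8", "::/128", "::1/128")]


def naive_is_loopback(host):
    """The incomplete check: only literal loopback addresses are caught."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def parse_host(host):
    """Return an ipaddress object for an IP literal, or None for a hostname.

    Also accepts legacy inet_aton spellings such as "0" or "127.1".
    """
    host = host.strip("[]")  # URL-style bracketed IPv6 literal
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        try:
            addr = ipaddress.IPv4Address(socket.inet_aton(host))
        except (OSError, ValueError):
            return None  # not an IP literal; resolve it before judging it
    # ::ffff:0.0.0.0 is an IPv4 address wrapped in IPv6; unwrap it.
    mapped = getattr(addr, "ipv4_mapped", None)
    return mapped if mapped is not None else addr


def is_local_destination(host):
    """True if the literal names the local host, including 0.0.0.0 and ::."""
    addr = parse_host(host)
    if addr is None:
        return False
    return any(addr.version == net.version and addr in net
               for net in LOCAL_NETS)
```

A hostname returns False here because nothing is resolved; a real filter has to apply the same check to every address the name resolves to.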
 
Intel CPUs are fucked, AMD CPUs give your computer malware, Browsers are giving you malware too, Winblows giving the eternal BSOD, 2024 is truly the year we all redeemed when the Pajeet told us not to.
Start hoarding pre-IME and PSP systems. They may be valuable someday.
 