(@jssfr@zombofant.net)
Sat 18.02.2023
Posts: 532, Following: 109, Followers: 147
By day, #devops team lead at Cloud&Heat in Germany.
By night, #xmpp #electronics #embedded #penandpaper #rpg #photography.
My photography related alt is at @jssfr . May follow from here instead of there if you post non-photographic content, too.
Concerned with the state of the world (climate, for one, hatred and war for another), trying not to worry too much about things outside my control.
Interactions, boosts etc. in general welcome.
Federation EN Thu 21.12.2023 15:51:48

https://www.postfix.org/smtp-smuggling.html

"SMTP Smuggling" vulnerability in Postfix allows to spoof senders even in the presence of some DMARC checks. Configuration workarounds exist.

Also, a wholehearted f* you to SEC Consult, who sat on this since June and disclosed it to some closed-source vendors and MSPs, but could apparently not be bothered to give e.g. Postfix a heads-up, publishing this close to the holidays.

Boosts for awareness welcome.

Edit: So this has kinda blown up, and especially because the author of the SEC advisory is going to have a slot at 37C3, I would like to add something important:

I intentionally wrote "SEC Consult" above, not "$individual". Do not start harassing that person. For all we know, this is a corporate failure and the individual would actually appreciate guidance and tips. That does not mean to not ask the hard questions, but keep the framing in mind. They might genuinely have been told by their managers that that is how responsible disclosure works.