Screen is the traditional terminal multiplexer software used on Linux and Unix systems. We found a local root exploit in Screen 5.0.0 affecting Arch Linux and NetBSD, as well as a couple of other issues that partly also affect older Screen versions, which are still found in the majority of distributions.

A dirty PoC for a reverse shell with cool features in Rust - GitHub - BlWasp/rs-shell: A dirty PoC for a reverse shell with cool features in Rust

YouTube video by DEFCONConference

XBOW discovered a Server-Side Request Forgery (SSRF) vulnerability in the OTP preview feature of the open-source project, 2FAuth.

Thanks! jdahlstrom: > The standard library has pretty much converged on a `try_` prefix for routines that have both a panicking and `Result`-returning variant (possibly any `impl Try`-returning in the future?) `try_` for `Result`-returning functions (assuming there's a panicking variant too) seems solid, I'll use that. jdahlstrom: > AFAICS there's no strong convention on `Option`-returning functions, although overflow-checked arithmetic uses a `checked_` prefix. Thanks for pointing this out. I did see some discussion in the naming convention docs about `unchecked_`, but it was backwards from this: > For getters that do runtime validation such as bounds checking, consider adding unsafe `_unchecked` variants. Typically those will have the following signatures. > > > fn get(&self, index: K) -> Option<&V>; > fn get_mut(&mut self, index: K) -> Option<&mut V>; > unsafe fn get_unchecked(&self, index: K) -> &V; > unsafe fn get_unchecked_mut(&mut self, index: K) -> &mut V; > So yeah, seems like there may be no clear winner for `Option` yet.

A talk about recent high-profile issues related to the SSH ecosystem.