wtfismyip
@wtfismyip.com
We tell you wtf your IP address is, without logging or analytics! https://wtfismyip.com/
I spend more time on Mastodon: https://gnu.gl/@wtfismyip
I spend more time on Mastodon: https://gnu.gl/@wtfismyip
New version of #Asterisk fixes a remote crash (and maybe RCE!) in STIR/SHAKEN header parsing: CVE-2025-49832
github.com/asterisk/ast...
#CVE #appsec #CyberSecurity #VOIP
github.com/asterisk/ast...
#CVE #appsec #CyberSecurity #VOIP
Remote DoS and possible RCE in asterisk/res/res_stir_shaken/verification.c
### Summary
There is a remote DoS and possible RCE condition in asterisk/res/res_stir_shaken /verification.c that can be exploited when:
1. An attacker can set an arbitrary Identity header
2....
github.com
July 31, 2025 at 5:52 PM
New version of #Asterisk fixes a remote crash (and maybe RCE!) in STIR/SHAKEN header parsing: CVE-2025-49832
github.com/asterisk/ast...
#CVE #appsec #CyberSecurity #VOIP
github.com/asterisk/ast...
#CVE #appsec #CyberSecurity #VOIP
Reposted by wtfismyip
Reposted by wtfismyip
UPDATE: Someone from Signal's dev team reached out to me. Where things go from here, I don't know. But the at least they're aware of it, and will hopefully implement the (likely simple) patch in an upcoming update
Attempts to notify @signal.org (via email and intermediary) have repeatedly failed.
🚨 Using the Signal app to send a voice memo may reveal metadata indicating the type of device and OS you're using. 🚨
This can help track users (at desk or away) or be combined with other exploits targeting devices.
🚨 Using the Signal app to send a voice memo may reveal metadata indicating the type of device and OS you're using. 🚨
This can help track users (at desk or away) or be combined with other exploits targeting devices.
To answer a few questions early: as far as I can tell, it does not compromise the user's identity or encryption, but it does reveal things about the device they're using
February 22, 2025 at 2:05 PM
UPDATE: Someone from Signal's dev team reached out to me. Where things go from here, I don't know. But the at least they're aware of it, and will hopefully implement the (likely simple) patch in an upcoming update
wtfismyip.com looks a lot now like it did in 2013 (courtesy of archive.org): web.archive.org/web/20130603...
WTF is my IP?!?!??
Tells you WTF your IP address is
wtfismyip.com
December 18, 2024 at 10:35 PM
wtfismyip.com looks a lot now like it did in 2013 (courtesy of archive.org): web.archive.org/web/20130603...
Great read and a potentially good use case for LLMs - web fuzzing: www.invicti.com/blog/securit...
#appsec #CyberSecurity
#appsec #CyberSecurity
Brainstorm Tool Release: Optimizing Web Fuzzing With Local LLMs
Brainstorm is a new, smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery
www.invicti.com
November 29, 2024 at 12:22 AM
Great read and a potentially good use case for LLMs - web fuzzing: www.invicti.com/blog/securit...
#appsec #CyberSecurity
#appsec #CyberSecurity
Reposted by wtfismyip
Hi new accounts!
You can self-verify here if you have a domain name!
You will see in my handle that it doesn’t have “bsky” in it.
bsky.social/about/blog/4...
You can self-verify here if you have a domain name!
You will see in my handle that it doesn’t have “bsky” in it.
bsky.social/about/blog/4...
How to set your domain as your handle - Bluesky
Using a domain as your handle helps with account identity, verification, and portability. Here's how to set your domain as your handle.
bsky.social
November 11, 2024 at 11:33 PM
Hi new accounts!
You can self-verify here if you have a domain name!
You will see in my handle that it doesn’t have “bsky” in it.
bsky.social/about/blog/4...
You can self-verify here if you have a domain name!
You will see in my handle that it doesn’t have “bsky” in it.
bsky.social/about/blog/4...
Reposted by wtfismyip
i’m gonna just watch this at least once a day and i recommend everyone do the same
November 6, 2024 at 11:00 AM
i’m gonna just watch this at least once a day and i recommend everyone do the same
Reposted by wtfismyip
Trivy 0.52.1 running on age v1.1.1
> Total: 31 (UNKNOWN: 2, LOW: 0, MEDIUM: 13, HIGH: 14, CRITICAL: 2)
govulncheck v1.1.2
> No vulnerabilities found.
govulncheck is correct. All the vulns reported by the other thing are provably false positives.
Please use govulncheck.
> Total: 31 (UNKNOWN: 2, LOW: 0, MEDIUM: 13, HIGH: 14, CRITICAL: 2)
govulncheck v1.1.2
> No vulnerabilities found.
govulncheck is correct. All the vulns reported by the other thing are provably false positives.
Please use govulncheck.
June 16, 2024 at 1:21 PM
Trivy 0.52.1 running on age v1.1.1
> Total: 31 (UNKNOWN: 2, LOW: 0, MEDIUM: 13, HIGH: 14, CRITICAL: 2)
govulncheck v1.1.2
> No vulnerabilities found.
govulncheck is correct. All the vulns reported by the other thing are provably false positives.
Please use govulncheck.
> Total: 31 (UNKNOWN: 2, LOW: 0, MEDIUM: 13, HIGH: 14, CRITICAL: 2)
govulncheck v1.1.2
> No vulnerabilities found.
govulncheck is correct. All the vulns reported by the other thing are provably false positives.
Please use govulncheck.