Mitigation: Group Policy to disable Sync Feature via Registry


Helped a user this morning with an issue where she disabled cookies at home, but when she came to work, none of the Intranet sites would work. Noticed she had browser sync turned on with a personal account.
Thought of this attack vector.

Attack Vector:

1. Detect if Browser has sync feature turned on.
2. Set homepage to malicious page
3. Wait.

Recently visited a site and noticed in the URL ?id=1. Of course, I had to try ?id=1' and sure enough I got a 500. Thinking possible injection, I wanted to talk to the owner before I went any further. whois shows that privacy is turned on, and there is no contact information on the site. Other than e-mailing webmaster@domain and Twitter, any tips on finding contacts?

Wife: "When you coming to bed?"
Me: "Just have to write a systemd service unit. 10 mins max"
Systemd: *laughs*

@JohnsNotHere Big thank you for the podcast. As a developer and generalist myself, really enjoyed Ep. 51 and Ep. 52.

I am working on starting a monthly infosec meetup in my community. Looking for suggestions and tips. Anyone?

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.