South Carolina’s capital city is planning a statue honoring two-time national championship coach Dawn Staley.
Court upholds WA residency requirement for cannabis industry
A U.S. judge has upheld Washington’s residency requirement for involvement in the state’s legal cannabis industry — a decision at odds with a federal appeals court ruling concerning a similar requirement in Maine.
President Biden says China’s Xi faces ‘enormous problems’
President Joe Biden on Wednesday said his Chinese counterpart Xi Jinping faces “enormous problems,” including a fragile economy.
Michigan wins third straight, 93-72 over Nebraska
Jett Howard made six 3-pointers and scored 22 points, Hunter Dickinson had 16 points and 10 rebounds and Michigan beat Nebraska 93-72.
North Korea’s Kim Jong Un presides over big military parade
North Korean leader Kim Jong Un has presided over a huge military parade showcasing the latest hardware of his fast-growing nuclear arsenal.
An interview with Satya Nadella on Microsoft’s partnership with OpenAI, using AI in a search engine, the competition with Google, and more (Nilay Patel/The Verge)
Nilay Patel / The Verge:
An interview with Satya Nadella on Microsoft’s partnership with OpenAI, using AI in a search engine, the competition with Google, and more — I’m coming to you from Microsoft’s campus in Redmond, where just a…
Kim Jong-un shows off daughter, missiles at North Korean parade
North Korean leader Kim Jong-un and his young daughter took center stage at a huge military parade, fueling speculation that she’s being primed as a future leader of the isolated country as her father showed off his latest, largest nuclear missiles.
WordPress Login Flooder (DDoS) python script I used on a client to test Fastly VCL misconfig
Recently, I was pentesting a client site and discovered they had a misconfig’d Fastly VCL. As such, it allowed spoofing, which meant all access logging in BigQuery and GCP log viewer were nearly irrelevant as you couldn’t trust whether or not it listed true origin IP.
To simulate the need to fix this issue, I wrote a simple Python script for spoofing with a DDoS. Unlike most “DDoS” scripts you’ll find in a repo (which don’t utilize zombies and therefore only sends requests from your own machine, aka just a DoS), I included mine to cycle through various proxies for obfuscation.
If the client hadn’t corrected the VCL config, they were susceptible to a potential unstoppable DDoS, as they had no rate-limiting enabled nor could have discovered the true IP if it were spoofed.
Nevertheless, check the script on GitHub and feel free to submit PRs or fork and use it for your own legal purposes.
submitted by /u/n4bb
[link] [comments]