News

Site News

Operation JASK

An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension scripts. Modifying the configuration file allows the attacker to inject additional encryption keys under their control, thereby disclosing passwords to the attacker. Modifying the extension scripts allows the attacker arbitrary code execution.

IETF 101

IETF 101 was organized in London this year. As usual, we, the hackers.mu team, participated remotely. This year, we were in as the TLS champions. Hence there was more responsibilities and planning needed.

Un membre de hackers.mu remporte le Grand Prix Drupal de Google Code-in

Maurice est à nouveau a l'honneur, grâce à quelques étudiants qui ont obtenu d'excellents résultats lors du concours Google Code In organisé par Google. Sous le mentora de hackers.mu, 15 étudiants issues différents collèges de l’ile notamment Le Collège du Saint Esprit, Le Collège Saddul, Le Collège Royale de Curepipe et Le Collège Royal de Port Louis se sont distingués lors de ce concours de développement informatique.

Operation Crypto Redemption

Inspired by Google's operation RoseHub. where a team of 50 Google employees used GitHub to patch the “Apache Commons Collections Deserialization Vulnerability”. This hackathon is focused towards reducing the probability of non random bytes, due to a concern that appeared from vault7.