ms-teams-rce
lots
ms-teams-rce | lots | |
---|---|---|
4 | 3 | |
1,110 | 50 | |
- | - | |
4.5 | 7.7 | |
over 3 years ago | 27 days ago | |
Java | ||
- | European Union Public License 1.1 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ms-teams-rce
-
Zoom vs MS Teams for Security
Just adding this here for people who think Teams is secure: https://github.com/oskarsve/ms-teams-rce
-
Schluss mit Microsoft und Co: Dortmund beschließt Wechsel zu Open Source
So als Beispiel https://github.com/oskarsve/ms-teams-rce
-
Can’t login to iCloud with “true” as the last name
> They tend to react with "either you can show us that this is a real danger or we'll ignore it".
This is a bit of a Catch-22 situation, as I get the feeling that proving the danger would often involve doing things that bounty programs specifically forbid, such as "Moving beyond “proof of concept” repro steps"[0]. That may be part of the reason why Microsoft got away with such a stingy response to the RCE vulnerability found in Teams by Oskars Vegeris.[1]
[0] https://www.microsoft.com/en-us/msrc/bounty-online-services?...
[1] https://github.com/oskarsve/ms-teams-rce/blob/main/README.md
-
Firefox not planning on supporting PWA
There's another angle to this that was discussed on the Risky Business[0] podcast a while back, namely the security angle. As the recent Microsoft Team's vulnerability[1] illustrated, with many Electron apps any XSS vulnerability turns into RCE. Personally I am moving away from Slack, Discord, and other electron apps like them. The browser sandbox ensures that XSS is "only" XSS and doesn't turn into RCE as well.
0: https://www.risky.biz/
1: https://github.com/oskarsve/ms-teams-rce
lots
- Schadenersatz droht: Datenschützer mahnt Aus für Microsoft 365 an Schulen an
-
French police: we saved millions of euros by adopting Ubuntu (2009)
Munich has been heavy users of Linux since 2003, and has a lot of workflow built using LibreOffice. It would be easy to switch to Windows, because LibreOffice runs on Windows, but to change word processors would require re-engineering all that, one assumes.
- Schluss mit Microsoft und Co: Dortmund beschließt Wechsel zu Open Source
What are some alternatives?
big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
jodconverter - JODConverter automates document conversions using LibreOffice or Apache OpenOffice.
docker-jitsi-meet - Jitsi Meet on Docker
JavaGuide - 「Java学习+面试指南」一份涵盖大部分 Java 程序员所需要掌握的核心知识。准备 Java 面试,首选 JavaGuide!
webapp-manager