So Jenkins has a weird feature I've talked about before: You send a UDP packet to a broadcast address, and any Jenkins servers will reply with some XML explaining where they are. https://twitter.com/Foone/status/1120763848313622530
but the important thing is that they'll respond to ANY UDP packet aimed at that port, with another UDP packet to that port, right?
which means the message that triggers it can look like the message they send... Do you see where this is going?
UDP is connectionless, so all you have to do is find the two Jenkins IPs (which is easy, because of this broadcast thing), then spoof a packet as coming from one to the other.
so you pretend to be Jenkins A and say "ANY JENKINS OUT THERE?" at B. B goes "HI! I am a Jenkins" and replies to A. A goes "Hi! I am a Jenkins" and replies to B. B goes "HI! I am a Jenkins" and replies to A. A goes "Hi! I am a Jenkins" and replies to B. B goes "HI! I am a Jenk
congrats, you now have two servers which will forever spam traffic at each other until you restart them or your network falls over
one of my previous employers had something like 20 Jenkins servers when I left and they were working on ways to easily set up more.
imagine it. 20 nodes, each spamming 19 others, and being spammed by 19 others. pic.twitter.com/SKFKrxBATt
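One way to spot the loop described in this thread from packet or flow records, added here as an example and not code from the thread's author or from Jenkins: it flags host pairs that exchange UDP datagrams with the discovery port on both ends, in both directions, at a sustained rate. The port value 33848, the record layout, the thresholds and the function names are assumptions.

```python
from collections import defaultdict

# Assumption: 33848 is the discovery port in use; the thread does not name it.
DISCOVERY_PORT = 33848


def find_reply_loops(packets, port=DISCOVERY_PORT, window=1.0, min_each_way=5):
    """Return sorted (host, host) pairs that look like a self-sustaining loop.

    packets: iterable of (timestamp, src_ip, src_port, dst_ip, dst_port) for UDP.
    A pair is flagged when each host sends the other at least `min_each_way`
    port-to-port datagrams inside one `window` of seconds.
    """
    by_pair = defaultdict(list)
    for ts, src, sport, dst, dport in packets:
        # An ordinary probe leaves from an ephemeral port; only looped replies
        # carry the discovery port on both ends.
        if sport == port and dport == port and src != dst:
            by_pair[frozenset((src, dst))].append((ts, src))

    loops = []
    for pair, events in by_pair.items():
        events.sort()
        counts = defaultdict(int)
        start = 0
        for ts, src in events:
            counts[src] += 1
            while ts - events[start][0] > window:  # slide the window forward
                counts[events[start][1]] -= 1
                start += 1
            if all(counts[host] >= min_each_way for host in pair):
                loops.append(tuple(sorted(pair)))
                break
    return sorted(loops)


def sample_capture():
    """Constructed records (not real traffic): one normal probe, then a loop."""
    a, b, client = "10.0.0.11", "10.0.0.12", "10.0.0.50"
    pkts = [(0.000, client, 51000, a, DISCOVERY_PORT),   # ordinary probe
            (0.001, a, DISCOVERY_PORT, client, 51000)]   # ordinary reply
    for i in range(20):                                   # A and B answering each other
        src, dst = (a, b) if i % 2 else (b, a)
        pkts.append((0.010 + i * 0.001, src, DISCOVERY_PORT, dst, DISCOVERY_PORT))
    return pkts


if __name__ == "__main__":
    print(find_reply_loops(sample_capture()))
```
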