Here's a fun PoC I built thanks to Ben's dataset.

    I don't want to ruin the surprise, so just try this command. (It's harmless.)

        ssh whoami.filippo.io  
    For the security crowd: don't worry, I don't have any OpenSSH 0day and even if I did I wouldn't burn them on my blog. Also, ssh is designed to log into untrusted servers.


demure:

ha! I use https for git.

Still: interesting thing this guy pointed out.

Question: should I be using ssh? I have two-factor enabled, so https uses an access token which is unique for each machine I am pulling/pushing with.


posted 3184 days ago