I hear ImageMagick is fun to hack on. Go nuts.
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cjc8-g9w8-chfw
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v393-38qx-v8fp
@cR0w@infosec.exchange I'm fairly sure there is no one using IM any more.
The last vuln cleaned them out.
@Sempf@infosec.exchange A lot of people install it on Nextcloud for SVG support. Which is like shooting yourself in both feet but YOLOSEC or something, IDK.
@cR0w@infosec.exchange I can't imagine that a coder worth their salt would even sniff in that direction.
But, on the other hand, I've been around for a while, so my imagination is pretty good.
@Sempf@infosec.exchange It's not coders though, it's admins. For example, I see this in the Security and Setup Warnings on my Nextcloud servers. How many server admins are going to understand that risk?
@cR0w@infosec.exchange Oh man, I didn't know about that. Any idea what PHP app is asking for that? I think even the PHP folx have started dissuading people from using it.
@Sempf@infosec.exchange Apparently it's for generating image previews but I don't know the specific app. I don't install it and things work fine, but I don't work with SVGs either so maybe that's where it matters.
@cR0w@infosec.exchange It does have the easiest-to-use SVG classes, especially for "easy" languages like VB.NET and PHP.