The Case of the Missing Shell Icon Overlays

From the Tree Computer Detective Files Dept. [...]

https://awadwatt.com/tezoatlipoca/the-case-of-the-missing-shell-icon-overlays

Use #TortoiseGIT to display incoming changes before Merge

https://stackoverflow.com/a/54411294/577052

When your teams #devops and cloud lead person doesn't know how to use #git from the #CommandLine then there is going to be a problem sooner or later.

He was saying, "there is a vscode project you can open up, but it's not on the main branch yet. So you can't start vscode to change branches." Then he complained I didn't have #TortoiseGit installed and asked how I managed to use git at all. He was amazed when I typed the magic incantation of `git checkout $$BRACH_NAME$$` on the keyboard and hit enter and it worked. I told him I had a paper manual on the bookshelf on git and had read it carefully. It doesn't mention a #gui beyond #gitk

FFS. How dense are these people? RTFM, It's not hard really.

Git GUIツールについて
https://qiita.com/ogix/items/77f1c515c67030982d5a?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items

#qiita #Git #TortoiseGit #SourceTree #gitgui

A critical security vulnerability has been found in the PuTTY client and related products, affecting versions from 0.68 to 0.80. This vulnerability, identified as CVE-2024-31497, allows attackers to recover secret keys when using the NIST P-521 elliptic curve digital signature algorithm (ECDSA) due to a flaw in nonce generation. Specifically, the first 9 bits of each ECDSA nonce generated by the affected versions are consistently zero, which enables attackers to recover the full secret key after observing about 60 valid ECDSA signatures generated under the same key.

This vulnerability is not limited to the PuTTY client itself but also affects several popular products that bundle the affected PuTTY versions, including FileZilla (versions 3.24.1 to 3.66.5), WinSCP (versions 5.9.5 to 6.3.2), TortoiseGit (versions 2.4.0.2 to 2.15.0), and TortoiseSVN (versions 1.10.0 to 1.14.6). Users of these products are urged to update to the latest patched versions immediately.

The impact of this vulnerability is significant because it compromises all NIST P-521 client keys used with PuTTY. Even if the root cause is fixed in the source code, an attacker can still carry out the attack if they have access to roughly 60 pre-patch signatures. This means that any keys used to sign arbitrary data, such as git commits through forwarded agents, can also be compromised if the signatures are publicly available on platforms like GitHub.

To mitigate the risk, users are advised to upgrade to PuTTY 0.81, FileZilla 3.67.0, WinSCP 6.3.3, and TortoiseGit 2.15.0.1. TortoiseSVN users are advised to configure the application to use Plink from the latest PuTTY 0.81 release when accessing SVN repositories via SSH until a patch becomes available. It is also recommended to remove the old public key from all OpenSSH authorized_keys files and the equivalent in other SSH servers, so that a signature from the compromised key has no value anymore. Then, generate a new key pair to replace it. Additionally, all ECDSA NIST-P521 keys used with any vulnerable product or component should be removed immediately from authorized_keys, GitHub, and other relevant locations.

https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html

https://www.openwall.com/lists/oss-security/2024/04/15/6

#cybersecurity #putty #filezilla #winscp #tortoisegit #tortoisesvn #vulnerability #svn #ssh #openssh #github

Obacht. Es gibt Probleme mit #PuTTY #FileZilla #WinSCP #TortoiseGit und #TortoiseSVN.
#ECDSA #CVE

https://securityonline.info/cve-2024-31497-critical-putty-vulnerability-exposes-private-keys-immediate-action-required/

CVE-2024-31497: Secret Key Recovery of NIST P-521 Private Keys Through Biased ECDSA Nonces in #PuTTY Client

PuTTY client and affected components generate biased ECDSA nonces for NIST P-521 (due to first 9 bits of nonce being zero). Assuming ~60 signatures signed by the same secret key can be collected the attacker may be able to recover the associated private key.

Affected:
- PuTTY 0.68 - 0.80

In addition the following software packages are also affected:
- #FileZilla 3.24.1 - 3.66.5
- #WinSCP 5.9.5 - 6.3.2
- #TortoiseGit 2.4.0.2 - 2.15.0
- #TortoiseSVN 1.10.0 - 1.14.6
(this list may be incomplete)

https://www.openwall.com/lists/oss-security/2024/04/15/6 #CVE202431497 #vulnerability #infosec #cybersecurity

Uninstalled #TortoiseGit, now also leaving the #Tortoise tools family behind after 20+ years, starting with TortoiseCVS 🥲#Git

@mew
Maybe it's late for this, but #TortoiseGit is a guilty pleasure of mine. Can't do the advanced stuff (or at least it's not recommended), but for ordinary uses it's A-Ok for me.

Windows-only, tho.