Together with Marcel Pociot and our colleagues at Beyond Code and Spatie, I'm currently building Flare, a paid service which will be revealed at Laracon EU. Together with the service we'll release a package that will change the way you will work with Laravel. To stay in the loop subscribe to our mailinglist at https://flareapp.io

iTerm2 leaks everything you hover in your terminal via DNS requests

Link –

iTerm2, a populair terminal app, contained a very bad security issue. Everything you hover over was being checked if it was a clickable url. To determine if it's a valid url, the hovered over string was being checked against DNS server. So if you hover over a password, or a secret key or whatever it sent out to the internet. Obviously this is a big problem. It's fixed in the latest version. So if you use iTerm2 and haven't updated it recently, be sure to do it now! The problem is fixed in version 3.1.1.

iTerm2's leak issue was first discovered ten months ago. iTerm2's creator initially reacted by adding an option to iTerm 3.0.13 that allowed users to disable DNS lookups. The feature remained turned on by default for new and existing installations.

Dutch developer Peter van Dijk, software engineer for PowerDNS, a supplier of open-source DNS software and DNS management service, re-reported this feature and this time around, he pointed out some of the severe privacy leaks not included in the first bug report.

"iTerm sent various things (including passwords) in plain text to my ISP's DNS server," van Dijk wrote flabbergasted in a bug report he filed earlier today.

This time around, George Nachman, iTerm2's maintainer, understood the severity of the issue right away and released iTerm2 3.1.1 to fix the problem within hours. He also apologized for enabling this feature by default without analyzing possible consequences in more depth.

https://www.bleepingcomputer.com/news/security/iterm2-leaks-everything-you-hover-in-your-terminal-via-dns-requests/

Stay up to date with all things Laravel, PHP, and JavaScript.

Follow me on Twitter. I regularly tweet out programming tips, and what I myself have learned in ongoing projects.

Every two weeks I send out a newsletter containing lots of interesting stuff for the modern PHP developer.

Expect quick tips & tricks, interesting tutorials, opinions and packages. Because I work with Laravel every day there is an emphasis on that framework.

Rest assured that I will only use your email address to send you the newsletter and will not use it for any other purposes.