One of the most lucid breaks I’ve seen in a while https://github.com/MorteNoir1/virtualbox_e1000_0day
libssh causes massive freakout
Another Struts RCE
Routing Around Nation-States: Overlays and Measurements https://ransom.cs.princeton.edu/
OpenSSH user oracle
Intel L1 bug
Bluetooth broken again
More Spectre defenses
Microsoft buys GitHub
Simon and Speck
I wonder how long before Rowhammer-style attacks make their way to networking equipment… https://www.cs.vu.nl/~herbertb/download/papers/throwhammer_atc18.pdf
A broken embargo, and lots of finger pointing. Security is awesome! https://efail.de/
patch runs ed
Xz format inadequate for long-term archiving
(from the lzip format author) https://www.nongnu.org/lzip/xz_inadequate.html
This of course is sad because we software developers are among the few people who are able to understand the strengths and weaknesses of formats. We have a moral duty to choose wisely the formats we use because everybody else will blindly use whatever formats we choose.
Exim pre-auth RCE
Juggling with packets
As such, the Internet has a non-zero momentary data storage capacity. It is possible to push out a piece of information and effectively have it stored until echoed back. By establishing a mechanism for cyclic transmission and reception of chunks of data to and from a number of remote hosts, it is possible to maintain an arbitrary amount of data constantly `on the wire', thus establishing a high-capacity volatile medium.
Temporal Return Addresses (2005)
Paper (PDF)
An exploitation chronomancer is one who is capable of divining the best time to exploit something based on the alignment of certain bytes that occur naturally in a process’ address space
Abusing Certificate Transparency logs
Audio Adversarial Examples
Because the computer is always right. Only a matter of time before there’s malware hidden in the next pop hit. https://nicholas.carlini.com/code/audio_adversarial_examples/
30-year-old OpenVMS local root vuln
http://www.brendangregg.com/blog/2018-02-09/kpti-kaiser-meltdown-performance.html
https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/
Spectre Mitigations in Microsoft’s C/C++ Compiler
Intel Analysis of Speculative-Execution Side Channels (PDF)
AMD Indirect Branch Control Extension (PDF)
Throw out all your computers. Again.
Intel CPU Design Flaw
Meltdown and Spectre attack
Reading privileged memory with a side-channel
AMD processors unaffected
Apple deals with KPTI with DoubleMap
As expected, Intel’s CEO dumps his stock
Retpoline
Theo De Raadt talking about Intel flaws back in 2007
This is the tale of a macOS-only vulnerability in IOHIDFamily that yields kernel r/w and can be exploited by any unprivileged user.
MSPaint in your browser
Advent calendar season
Avast open-sources their decompiler
It has been X many days since last TLS disaster https://robotattack.org/
Microsoft Quantum Development Kit
AP Christmas Tree
Dude destroys tons of equipment, points out internet is broken. http://archive.is/PQAnU Amazingly, the ISP didn’t try to cover up the outage as some kind of network issue, power spike or a bad firmware upgrade. They didn’t lie to their customers at all. Instead, they promptly published a press release about their modems having been vulnerable which allowed their customers to assess their potential risk exposure. What did the most honest ISP in the world get for its laudable transparency? Sadly it got little more than criticism and bad press. It’s still the most depressing case of ‘why we can’t have nice things’ to me, and probably the main reason for why 99% of security mistakes get covered up and the actual victims get left in the dark. Too often ‘responsible disclosure’ simply becomes a euphemism for ‘coverup.’
Send Crypto People Tulips
Like shorting the market, but funnier https://sendcryptopeopletulips.com/
Fooling Neural Networks/Machine Learning
https://arxiv.org/abs/1708.05207
http://www.labsix.org/physical-objects-that-fool-neural-nets/
https://cvdazzle.com/
http://dismagazine.com/dystopia/evolved-lifestyles/8115/anti-surveillance-how-to-hide-from-machines/
So… MINIX is everywhere
Turns out there’s a lot of garbage hidden on CPUs these days. Work is underway to defang the nastiness.
https://www.networkworld.com/article/3236064/servers/minix-the-most-popular-os-in-the-world-thanks-to-intel.html
https://schd.ws/hosted_files/osseu17/84/Replace%20UEFI%20with%20Linux.pdf
Code exec from VMWare guest
VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the VMNAT device. This issue may allow a guest to execute code on the host.
Intel ME is unsurprisingly vulnerable
Linus Rant du Jour
If it's been on a random cellphone for a few months, and real users used it, and had facebook and candy crush running on it, that's a pretty different deal.
instant root on macOS High Sierra
I honestly have no words for how dumb this is.
fix: sudo passwd -u root dsenableroot -d
It turns out having 20+ Markdown implementations with no spec is a bad idea. Let’s see how long before there’s a competing spec ;-) http://commonmark.org/
Wouldn’t it be nice if we stopped writing critical system services in C? Nah. https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
Macro-less code exec in MS Word
A2 Analog Attack
An older one, but a great read. https://www.wired.com/2016/06/demonically-clever-backdoor-hides-inside-computer-chip/
The Pathologies of Big Data
"In designing applications to handle ever-increasing amounts of data, developers would do well to remember that hardware specs are improving too, and keep in mind the so-called ZOI (zero-one-infinity) rule, which states that a program should “allow none of foo, one of foo, or any number of foo.” That is, limits should not be arbitrary; ideally, one should be able to do as much with software as the hardware platform allows."
"... big data should be defined at any point in time as “data whose size forces us to look beyond the tried-and-true methods that are prevalent at that time.”"
It turns out most Bluetooth stacks are terrible.
Design of Display Processors
Distrusting Symantec Certs
ABI Compliance Checker
Root Causes of Chrome Certificate Errors
https://research.google.com/pubs/pub46359.html
To our surprise, we find that more than half of errors are caused by client-side or network issues instead of server misconfigurations.
More Intel ME 0wnage
Fake packages in PyPI
http://blog.talosintelligence.com/2017/09/fin7-stealer.html
What makes this one interesting is the obfuscation techniques.