November 2018

VirtualBox 0day

One of the most lucid breaks I’ve seen in a while


libssh causes massive freakout

September 2018

Alpine APK

August 2018

Another Struts RCE


Routing Around Nation-States: Overlays and Measurements

OpenSSH user oracle

Intel L1 bug

July 2018


Bluetooth broken again

More Spectre defenses

June 2018

Microsoft buys GitHub

Simon and Speck

May 2018


I wonder how long before Rowhammer-style attacks make their way to networking equipment…


A broken embargo, and lots of finger pointing. Security is awesome!


April 2018

patch runs ed

Xz format inadequate for long-term archiving

(from the lzip format author)

This of course is sad because we software developers are among the few people who are able to understand the strengths and weaknesses of formats. We have a moral duty to choose wisely the formats we use because everybody else will blindly use whatever formats we choose.

March 2018

Exim pre-auth RCE

Juggling with packets

As such, the Internet has a non-zero momentary data storage capacity.
It is possible to push out a piece of information and effectively have
it stored until echoed back. By establishing a mechanism for cyclic
transmission and reception of chunks of data to and from a number of
remote hosts, it is possible to maintain an arbitrary amount of data
constantly `on the wire', thus establishing a high-capacity volatile

Temporal Return Addresses (2005)

Paper (PDF)

An exploitation chronomancer is one who is capable of divining the best time to exploit something based on the alignment of certain bytes that occur naturally in a process’ address space

Abusing Certificate Transparency logs

February 2018

Audio Adversarial Examples

Because the computer is always right. Only a matter of time before there’s malware hidden in the next pop hit.

30-year-old OpenVMS local root vuln

Meltdown/Spectre (continued)

Spectre Mitigations in Microsoft’s C/C++ Compiler
Intel Analysis of Speculative-Execution Side Channels (PDF)
AMD Indirect Branch Control Extension (PDF)

December 2018


Throw out all your computers. Again.

Intel CPU Design Flaw
Meltdown and Spectre attack
Reading privileged memory with a side-channel
AMD processors unaffected
Apple deals with KPTI with DoubleMap
As expected, Intel’s CEO dumps his stock
Retpoline
Theo de Raadt talking about Intel flaws back in 2007


This is the tale of a macOS-only vulnerability in IOHIDFamily that yields kernel r/w and can be exploited by any unprivileged user.

MSPaint in your browser

December 2017

Advent calendar season

Avast open-sources their decompiler

ROBOT Attack

It has been X days since the last TLS disaster

Microsoft Quantum Development Kit
Writing a Quantum Program

AP Christmas Tree

BrickerBot update

Dude destroys tons of equipment, points out internet is broken.

Amazingly, the ISP didn’t try to cover up the outage as some kind of network issue, power spike or a bad firmware upgrade. They didn’t lie to their customers at all. Instead, they promptly published a press release about their modems having been vulnerable which allowed their customers to assess their potential risk exposure. What did the most honest ISP in the world get for its laudable transparency? Sadly it got little more than criticism and bad press. It’s still the most depressing case of ‘why we can’t have nice things’ to me, and probably the main reason for why 99% of security mistakes get covered up and the actual victims get left in the dark. Too often ‘responsible disclosure’ simply becomes a euphemism for ‘coverup.’

Send Crypto People Tulips

Like shorting the market, but funnier

November 2017

Fooling Neural Networks/Machine Learning

So… MINIX is everywhere

Turns out there’s a lot of garbage hidden on CPUs these days. Work is underway to defang the nastiness.

Code exec from VMWare guest

VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host.

Intel ME is unsurprisingly vulnerable

Linus Rant du Jour

If it's been on a random cellphone for a few months, and real users
used it, and had facebook and candy crush running on it, that's a
pretty different deal.

instant root on macOS High Sierra

I honestly have no words for how dumb this is.

fix:
sudo passwd -u root
dsenableroot -d

October 2017


It turns out having 20+ Markdown implementations with no spec is a bad idea. Let’s see how long before there’s a competing spec ;-)

dnsmasq RCEs

Wouldn’t it be nice if we stopped writing critical system services in C? Nah.

Google teapot

Macro-less code exec in MS Word

A2 Analog Attack

An older one, but a great read.

The Pathologies of Big Data

“In designing applications to handle ever-increasing amounts of data, developers would do well to remember that hardware specs are improving too, and keep in mind the so-called ZOI (zero-one-infinity) rule, which states that a program should “allow none of foo, one of foo, or any number of foo.” That is, limits should not be arbitrary; ideally, one should be able to do as much with software as the hardware platform allows.”

“… big data should be defined at any point in time as “data whose size forces us to look beyond the tried-and-true methods that are prevalent at that time.”

KRACK Attack

WPA2 is broken, hum-de-dum

September 2017

BlueBorne attack

It turns out most Bluetooth stacks are terrible.

Design of Display Processors

Distrusting Symantec Certs

ABI Compliance Checker


Black Hat presentation

Root Causes of Chrome Certificate Errors

To our surprise, we find that more than half of errors are caused by client-side or network issues instead of server misconfigurations.


More Intel ME 0wnage

Fake packages in PyPI



FIN7 Group Uses JavaScript and Stealer DLL Variant in New Attacks

What makes this one interesting is the obfuscation techniques.

The function body of the evaluated JavaScript appears to be within a multi-line comment, however, in reality this is evaluated as a multi-line string.

Linux PIE/stack corruption (CVE-2017-1000253)