The blog series based on one of the silicon research projects I've been working on is up!
Some really beautiful die shots in here.
https://ioactive.com/accessory-authentication-part-1-3/
Are we human? or are we dancer?
Introducing HydraDancer: A new hardware board and open source firmware for faster USB peripheral emulation.
The Facedancer legacy lives on!
If only we've gone faster it is because we relied on the previous work of our good neighbors
Thiébaud Fuchs tells the story here
https://blog.quarkslab.com/hydradancer-faster-usb-emulation-for-facedancer.html
Java 17.0.11 available for Solaris SPARC:
GLIBC-SA-2024-0004 CVE-2024-2961
Glibc iconv buffer overflow when converting strings to the ISO-2022-CN-EXT character set.
Wonder: Is there a viable attack vector where a threat actor has control of the target character set for iconv()?
https://www.openwall.com/lists/oss-security/2024/04/17/9
Today is the last day to take our annual reverse engineering survey! Don’t miss out on your chance to win free licenses.
"Education is intellectual infrastructure. So is science. They have very high yield, but delayed payback. Hasty societies that can't span those delays will lose out over time to societies that can."
— Stewart Brand
Looks like more libarchive CVE analysis is out from ZDI 👏
https://infosec.exchange/@thezdi/112286702067650822
In my last Patch Tuesday post for CVE-2024-20696, I linked a diff that details the patch for CVE-2024-20697 explained in ZDI’s writeup. Seems to line up! 🧐
https://diffpreview.github.io/?9574f311b3d3ff91d1ad0eb6c04138c0
👀
https://youtube.com/watch?v=zprSxCMlECA
There’s #demoscene, and then there’s this abomination of nature and genius
Somebody must have bet him that he couldn’t make a demo without the computer itself
Incredible research at BlackHat Asia today by Tong Liu and team from the Institute of Information Engineering, Chinese Academy of Sciences (verified email at iie.ac.cn)
A dozen+ RCEs on popular LLM framework libraries like LangChain and LlamaIndex - used in lots of chat-assisted apps including GitHub. These guys got a reverse shell in two prompts, and even managed to exploit SetUID for full root on the underlying VM!
The last episode of the "Hermit Project" is out, and it offers some insight into possible future scenarios for the project and my life.
Because Hermit wasn't just a computing project, it was mostly a journey of self-discovery.
https://tara.sh/posts/2024/2024-04-18_hermit_part_6/
Special thanks to @nina_kali_nina, @yottatsa, @usrbinkat and a friend (if you're reading this, yeah, it's you).
Also thanks to @kiwa and @ruhrscholz
A PSA since there's some confusion on this...
There is no vulnerability in Gorilla Sessions.
The vulnerability is in Palo Alto's internal SessDiskStore, which looks similar to FilesystemStore. Early analysis came to the mistaken conclusion that the vulnerable path was in FilesystemStore, but it's not. FilesystemStore authenticates the Session.ID with securecookie, SessDiskStore does not.
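The difference described in the post above, as an added Go sketch that is not part of the original post and is neither Gorilla's nor Palo Alto's code: one store trusts the cookie value as the session ID, the other only accepts an ID whose MAC verifies. The `session_` file naming, the cookie encoding, the key and all function names are assumptions made for illustration; HMAC-SHA256 from the standard library stands in for securecookie.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// Constructed demo key; a real deployment loads a random secret.
var hashKey = []byte("constructed-demo-key-not-for-production")
var errBadMAC = errors.New("session ID failed authentication")
var enc = base64.RawURLEncoding

// mac computes HMAC-SHA256 over the session ID with the server-side key.
func mac(id string) []byte {
	h := hmac.New(sha256.New, hashKey)
	h.Write([]byte(id))
	return h.Sum(nil)
}

// encodeID builds the cookie value the server issues: base64(ID) "." base64(MAC).
func encodeID(id string) string {
	return enc.EncodeToString([]byte(id)) + "." + enc.EncodeToString(mac(id))
}

// authenticatedPath derives the session file path only after the MAC verifies.
func authenticatedPath(dir, cookie string) (string, error) {
	idPart, macPart, _ := strings.Cut(cookie, ".")
	id, err1 := enc.DecodeString(idPart)
	sum, err2 := enc.DecodeString(macPart)
	if err1 != nil || err2 != nil || !hmac.Equal(sum, mac(string(id))) {
		return "", errBadMAC
	}
	return filepath.Join(dir, "session_"+string(id)), nil
}

// unauthenticatedPath trusts the cookie as the ID, so the client picks the file name.
func unauthenticatedPath(dir, cookie string) string {
	return filepath.Join(dir, "session_"+cookie)
}

func main() {
	fmt.Println(unauthenticatedPath("/var/sessions", "client-chosen-id"))
	fmt.Println(authenticatedPath("/var/sessions", "client-chosen-id"))
	fmt.Println(authenticatedPath("/var/sessions", encodeID("abc123")))
}
```

When reviewing a custom session store, the check to look for is the MAC verification happening before the ID reaches any file, cache or database lookup.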