Posts 2406 | Following 469 | Followers 1120
A drunken debugger

Heretek of Silent Signal
Alternating Current
Take a look at this 486 laptop, with the original Win95 still booting for example:

http://szetszedtem.hu/149laptop486/dual.htm
Desperate times call for extraordinary measures - I brought back Feminist Hacker Barbie for this:

https://it.slashdot.org/story/23/12/04/171259/asking-chatgpt-to-repeat-words-forever-is-now-a-terms-of-service-violation

(The generator is here: https://computer-engineer-barbie.herokuapp.com/ )
Edited 5 months ago
I wonder if any country has something like this in their schools: this is a physics "story book" from 1984. Instead of simply describing phenomena and prescribing exercises, it is a tale of a bunch of kids who discover things by themselves (and usually with a little help from books, parents or magical beings). And it is great because the story makes things easier to remember and shows the logic behind discoveries and inventions. It shows practical uses of the learned material too. I wish books like this were still a thing!
Session File Relative Path Traversal in sudo-rs

CVE-2023-42456

https://github.com/memorysafety/sudo-rs/security/advisories/GHSA-2r3c-m6v7-9354
"The OWASP HTML Sanitizer is a fast and easy to configure HTML Sanitizer"

Their example code:

https://github.com/OWASP/java-html-sanitizer/blob/master/src/main/java/org/owasp/html/examples/EbayPolicyExample.java

And we wonder how XSS is still all over the place...

(#ProTip JSoup works!)
"this buffer overflow is easily exploitable (by transforming it into a data-only attack)"
@timzania @SwiftOnSecurity AS/400 had exactly this idea back then, so it's a good time to share this straightforward diagram they ended up with :)

Of course, it's mostly for interoperability, but it's still telling that while you have a flat structure inside libraries (~=directories), your file objects can have members, turning files into directories...
Error is detected here in WebPDemuxInternal:

https://github.com/webmproject/libwebp/blob/7ba44f80f3b94fc0138db159afea770ef06532a0/src/demux/demux.c#L755

Based on this I'm pretty sure that parsing fails because craft.c only does the minimum to conform to the spec and pass WebPDecode().
Edited 7 months ago
To follow up on my experiments with black-box detection of the #BLASTPASS vuln[1] I looked into the source code of the dwebp sample used by Isosceles to demonstrate the trigger vs. vipsthumbnail where the vulnerable code doesn't seem to be reachable.

Based on the backtrace, dwebp enters the libwebp library via WebPDecode().

In contrast, vipsthumbnail uses the Demux API[2], and exits early when WebPDemux() reports an error (without triggering an OOB write).

This means that there are supported libwebp APIs that can catch at least some crafted inputs early, so proper error handling (not present in the official sample code btw...) can block exploitable paths.

Edit: After further digging (see reply) I'm pretty sure it's just the minimal PoC that doesn't pass the check in WebPDemux(), this shouldn't be a problem for a more complete input.

[1]: https://infosec.place/notice/AaEVhdW3h60AsBaM9g
[2]: https://chromium.googlesource.com/webm/libwebp/+/HEAD/doc/api.md#demux-api
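The post above contrasts an entry point that goes straight to bitstream decoding (WebPDecode) with one that first walks the container (WebPDemux) and bails out on inconsistencies. The following is an added illustration, not libwebp code and not a reproduction of the checks in demux.c: a strict RIFF/WebP container walk based on my own reading of the RIFF layout, with `build_webp` as a hypothetical helper that assembles constructed test inputs.

```python
import struct

# Added illustration, not libwebp code. The rules below follow the RIFF/WebP
# layout as I understand it (12-byte header "RIFF" <u32 size> "WEBP", then
# FourCC/size chunks padded to even length); they are not the demux.c checks.

def walk_webp_container(data: bytes):
    """Return the list of (fourcc, payload_size) chunks, or raise ValueError on
    any disagreement between declared sizes and the bytes actually present."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"WEBP":
        raise ValueError("not a RIFF/WEBP container")
    riff_size = struct.unpack_from("<I", data, 4)[0]
    # The RIFF size covers everything after the 8-byte RIFF header, so it has
    # to match the file length exactly; otherwise the file is truncated or padded.
    if riff_size + 8 != len(data):
        raise ValueError(f"RIFF size {riff_size} disagrees with length {len(data)}")
    chunks, pos = [], 12
    while pos < len(data):
        if pos + 8 > len(data):
            raise ValueError("truncated chunk header")
        fourcc = data[pos:pos + 4]
        size = struct.unpack_from("<I", data, pos + 4)[0]
        padded = size + (size & 1)  # chunk payloads are padded to even length
        if pos + 8 + padded > len(data):
            raise ValueError(f"chunk {fourcc!r} claims {size} bytes past end of file")
        chunks.append((fourcc.decode("ascii"), size))
        pos += 8 + padded
    if not chunks or chunks[0][0] not in ("VP8 ", "VP8L", "VP8X"):
        raise ValueError("first chunk must be VP8 , VP8L or VP8X")
    return chunks

def build_webp(chunks, riff_size_override=None) -> bytes:
    """Hypothetical helper: assemble a constructed container from
    (fourcc, payload) pairs, optionally lying about the RIFF size."""
    body = b"".join(f + struct.pack("<I", len(p)) + p + (b"\0" if len(p) & 1 else b"")
                    for f, p in chunks)
    size = len(body) + 4 if riff_size_override is None else riff_size_override
    return b"RIFF" + struct.pack("<I", size) + b"WEBP" + body

def is_strictly_valid(data: bytes) -> bool:
    """True only if the container is internally consistent; no decoding is done."""
    try:
        walk_webp_container(data)
        return True
    except ValueError:
        return False
```

The point the code makes is that a bitstream decoder handed only the first chunk never sees a RIFF size or a chunk length that overruns the file, while a container walk rejects such input before any decoding happens.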
Playing around with BLASTPASS, hoping to find a way to detect the vulnerable library in a black-box setting, through a higher level entry point - libvips[2] in this case.

Interestingly, vipsthumbnail handles the trigger[1] so gracefully that ASAN doesn't seem to trigger o.O

This isn't very promising :( #fail

[1] https://blog.isosceles.com/the-webp-0day/
[2] https://www.libvips.org/
Great success! #SensorWatch
I'll use this whenever someone suggests that throwing ridiculous computing power at generating semi-random character sequences (or monopoly money) is a solution to a problem: