Has anyone else looked at CVE-2024-38063? I could use a sanity check here. From what I can see, the vulnerable code path can only be triggered with IPv6 Jumbograms (packets larger than 65535 bytes). Not only would the target system need to have Jumbograms enabled, but every link in the path between the attacker and target would have to both support Jumbograms and have them enabled. I can't imagine any real world scenario in which this would occur, so unless I'm missing something, this vulnerability could only be exploited on very few real world systems.

Cartoon Network's Website Was Deleted. That Should Scare You All
L: https://slate.com/technology/2024/08/david-zaslav-warner-bros-discovery-culture-deleting-movies-tv-shows.html
C: https://news.ycombinator.com/item?id=41262878
posted on 2024.08.15 at 23:25:16 (c=0, p=5)

@mainframed767 @fennix IBM Z Xplore is also nice because it exposes you to a bunch of different concepts and areas of basic mainframe tech, so if something sparks your interest you can then seek out specific training for those components, some of which are also free

When I got started with hardware hacking etc @travisgoodspeed was (and is) one of my heroes.

Now there’s a chapter in his new (awesome) book on a vuln I found. Feels awesome.

Thanks Travis for all your contributions to our community.

Also, you should buy his book!

https://www.usenix.org/conference/usenixsecurity24/presentation/cao-leo I am excited about anything that wants to make OAuth less terrible, and this not only seems to do that but has a nice clear threat model!

https://www.usenix.org/conference/usenixsecurity24/presentation/schilling this looks like, if viable for real-world use, something that could make binary-only target thread sanitization checks possible. I love how accessible sanitizers are; they’re the gateway drug of llvm instrumentation. I am also looking forward to reading this~

https://www.usenix.org/conference/usenixsecurity24/presentation/feng-siyue taint analysis across traces to see how well patches did at fixing vulns, but with a fancy Bloom filter to see if a particular code path has been hit before (I look forward to reading this)

https://www.usenix.org/conference/usenixsecurity24/presentation/bulekov this hypervisor emulation and fuzzing tool also looks really interesting and I’m looking forward to trying it out

https://www.usenix.org/conference/usenixsecurity24/presentation/qi System-level emulation and instrumentation is generally slow, but there’s a neat insight into when instrumentation *isn’t* necessary and what basic blocks to not instrument for QEMU-based system-level concolic execution in this work!

https://www.usenix.org/conference/usenixsecurity24/presentation/schl%C3%BCter the threat model (not the written out one in the paper, which is seemingly to me at least somewhat disjoint from what I understand from what I am hearing) that underlies this work is interesting; it points out that blindly trusting the hypervisor as part of trusting the cloud provider may not be in the best interest of operators of a VM (or a confidential VM using a TEE)

Tired of using your own tongue to test 9V batteries???
👅👅👅🔋🔋🔋 ouch!

Honored and humbled to announce my latest product:

MSI motherboards susceptible to code execution & firmware implant - analysis of CVE-2024-36877 https://jjensn.com/at-home-in-your-firmware

Enjoy the old sch00l lulz:
Fuck You Ilfak - A IDA Pro 9.0 Beta 2 macOS x86 Fix Loader

https://github.com/gdbinit/fuckyouilfak

Trend Zero Day Initiative

Microsoft fixed CVE-2024-38213 last Tuesday. It was discovered in the wild by ZDI threat hunter @gothburz. Today, he makes public the details of the vulnerability and how it's being used by threat actors. https://www.zerodayinitiative.com/blog/2024/8/14/cve-2024-38213-copy2pwn-exploit-evades-windows-web-protections

Two days ago, NIST finalized three post-quantum cryptography standards. Today, we are announcing an open-source Rust implementation of one of these standards, SLH-DSA, now available in RustCrypto! https://blog.trailofbits.com/2024/08/15/we-wrote-the-code-and-the-code-won/

CISA: CISA Adds One Known Exploited Vulnerability to Catalog
Hot off the press! CISA adds CVE-2024-28986 (9.8 critical, disclosed 13 August 2024 by SolarWinds) SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability to the Known Exploited Vulnerabilities Catalog.

Note: There was no indication that CVE-2024-28986 was being exploited in the wild in the security advisory.

cc: @campuscodi h/t: @hrbrmstr

NEW: Every Pixel phone released since 2017 has a hidden Verizon app, "Showcase.apk," with deep system access that has an unpatched flaw. Google's response to the vulnerability caused Palantir to ditch Android altogether. @lhn has the scoop: https://www.wired.com/story/google-android-pixel-showcase-vulnerability/

@briankrebs
From the days when we were all burning optical media: DVDisaster

The idea: When you burn a disc that isn't completely full, any unused sectors are truly wasted. This app uses them for extra ECC data. Here are screenshots from when I gouged a CD with a key, and then subsequently read the data from the scratched disc, without a single bit lost.

It's a nice example of a simple app that solves a real-world problem.

the most recent hackerone issue was filed because the user googled "[another project] bug bounty program", clicked the first link (to 's bug-bounty) and entered an issue about a completely different project...

Long thread ahead about training a classifier of "good/batch matches" for .

So, the whole idea that I have been working on for quite some time already to try to, somehow, improve matching in Diaphora is the following: Train a model to better determine if a pair of functions in two binaries (ie, a match between a function A in binary X, and function B in binary Y) is correct or not.
