CVE-2024-41660: A Critical Vulnerability in OpenBMC https://tetrelsec.com/posts/cve-2024-41660-slpd-lite/

MIFARE Classic: exposing the static encrypted nonce variant https://eprint.iacr.org/2024/1275.pdf

Wired was manipulated into spreading misinformation to market Palantir and iVerify by misrepresenting a vulnerability in a disabled demo app as being a serious problem which could be exploited in the real world. They should retract the article but won't.

https://wired.com/story/google-android-pixel-showcase-vulnerability/

GrapheneOS has gone through each of the carrier apps included on Pixel generation to determine their purpose and consequences of including or excluding them. Here it is being excluded from the new adevtool project for ProtonAOSP and GrapheneOS in 2021:

https://github.com/GrapheneOS/adevtool/commit/9c5ac945f#diff-95eb7b50f2781158146e721436d7c5d6f7421755906307a6b7a1f727bb20d53eR109

GrapheneOS has publicly posted about the carrier apps included on Pixels and their privileged permissions on numerous occasions. We talked about the ones which get enabled automatically based on using a SIM from a carrier rather than a disabled demo without an automatic trigger.

For #CircuitPythonDay2024 I'm porting Micropython to the SensorWatch SAML22J18 that fits in the classic Casio FT-91W. https://www.sensorwatch.net/

It's the Freya's day today so let's run another #nakeddiefriday why don't we.

Today I got a #French classic form 1983, one of the very first chip cards. The micromodule is a very characteristic shape of those designed by Bull.

On the die itself, the EEPROM array is in the very center, with the address counter to the right, drivers above and the data multiplexer below.

Note the designer initials, C.B. and Y.G.

Hi-res: https://siliconpr0n.org/archive/doku.php?id=infosecdj:bull:et1001

#reverseengineering #electronics #icre #microscopy

ClamAV Antivirus 1.4 ends 32-bit Linux support, introduces ARM64 packages for Windows, improves ALZ and LHA archive handling, and more.
https://linuxiac.com/clamav-antivirus-1-4-ends-32-bit-linux-support/

#clamav #antivirus #linux #opensource

Zabbix Server Critical Arbitrary Code Execution Vulnerability (CERT-EU Security Advisory 2024-082)

On August 13, 2024, a critical vulnerability, CVE-2024-22116, was disclosed in Zabbix Server, allowing attackers with restricted administrative permissions to execute arbitrary code. The flaw, identified in the Ping script execution within the Monitoring Hosts section, can compromise the entire infrastructure. The vulnerability carries a CVSS score of 9.9.

https://www.cert.europa.eu/publications/security-advisories/2024-082/

Has anyone else looked at CVE-2024-38063? I could use a sanity check here. From what I can see, the vulnerable code path can only be triggered with IPv6 Jumbograms (packets larger than 65535 bytes). Not only would the target system need to have Jumbograms enabled, but every link in the path between the attacker and target would have to both support Jumbograms and have them enabled. I can't imagine any real world scenario in which this would occur, so unless I'm missing something, this vulnerability could only be exploited on very few real world systems.

Cartoon Network's Website Was Deleted. That Should Scare You All
L: https://slate.com/technology/2024/08/david-zaslav-warner-bros-discovery-culture-deleting-movies-tv-shows.html
C: https://news.ycombinator.com/item?id=41262878
posted on 2024.08.15 at 23:25:16 (c=0, p=5)

@mainframed767 @fennix IBM Z Xplore is also nice because it exposes you to a bunch of different concepts and areas of basic mainframe tech, so if something sparks your interest you can then seek out specific training for those components, some of which are also free

When I got started with hardware hacking etc @travisgoodspeed was (and is) one of my heroes.

Now there’s a chapter in his new (awesome) book on a vuln I found. Feels awesome.

Thanks Travis for all your contributions to our community.

Also, you should buy his book!

https://www.usenix.org/conference/usenixsecurity24/presentation/cao-leo I am excited about anything that wants to make OAuth less terrible, and this not only seems to do that but has a nice clear threat model!

https://www.usenix.org/conference/usenixsecurity24/presentation/schilling this looks like if viable for real world use, something that could make binary-only target thread sanitization checks possible. I love how accessible sanitizers are; they’re the gateway drug of llvm instrumentation. I am also looking forward to reading this~

https://www.usenix.org/conference/usenixsecurity24/presentation/feng-siyue taint analysis across traces to see how well patches did at fixing vulns, but with a fancy Bloom filter to see if a particular code path has been hit before (I look forward to reading this)

https://www.usenix.org/conference/usenixsecurity24/presentation/bulekov this hypervisor emulation and fuzzing tool also looks really interesting and I’m looking forward to trying it out

https://www.usenix.org/conference/usenixsecurity24/presentation/qi System-level emulation and instrumentation is generally slow, but there’s a neat insight into when instrumentation *isn’t* necessary and what basic blocks to not instrument for QEMU-based system-level concolic execution in this work!

https://www.usenix.org/conference/usenixsecurity24/presentation/schl%C3%BCter the threat model (not the written out one in the paper, which is seemingly to me at least somewhat disjoint from what I understand from what I am hearing) that underlies this work is interesting; it points out that blindly trusting the hypervisor as part of trusting the cloud provider may not be in the best interest of operators of a VM (or a confidential VM using a TEE)

Tired of using your own tongue to test 9V batteries???
👅👅👅🔋🔋🔋 ouch!

Honored and humbled to announce my latest product: