New vulnerability report from Talos:

MC Technologies MC LR Router web interface I/O configuration OS command injection vulnerabilities

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1953

CVE-2024-28025,CVE-2024-28026,CVE-2024-28027,CVE-2024-28025,CVE-2024-28026,CVE-2024-28027

Aaaand our QEMU patchset to automatically promote helpers to TCG (using LLVM) is out! 😱😱😱

It has been in the making for quite some time, we’re very proud of it. 💪

Presentation: https://www.youtube.com/watch?v=Gwz0kp7IZPE

Patchset: https://lists.gnu.org/archive/html/qemu-devel/2024-11/msg04035.html

@bean See also: https://www.nccgroup.com/us/research-blog/shell-arithmetic-expansion-and-evaluation-abuse/

What the absolute fuck: https://yossarian.net/til/post/some-surprising-code-execution-sources-in-bash

In short: [[ "$foo" -eq whatever ]] in bash can run arbitrary code.

That looks like something that can realistically trigger in a lot of scripts.

(also test -v, but I barely ever see that one used)

Edit: This also happens in zsh 5.9 (but the referenced variable needs to exist) and mksh

They also need to provide for an at-cost syndication of the search index to any who want it for ten years to correct for anticompetitive behavior in the market.

Basically, Google has to give competitors a card to the Library of Babylon.

Ten. Years. Search will never be the same.

Leveling Up Fuzzing: Finding more vulnerabilities with AI:

https://security.googleblog.com/2024/11/leveling-up-fuzzing-finding-more.html

#fuzzing #google #vulnerabilities #ai #informationsecurity #cybersecurity

It's 2024. People spend more time looking at screens than not-screens. People spend more time in limited wavelength artificial lighting than natural light. Rather than trying to describe "real life", we should just stick to RGB, as "real life" IS mostly just RGB now

My WarCon slides about Ivanti Avalanche are public!

I tried to do some mapping of the attack-surface, show the new auth mechanism and present some research ideas (things I didn't try).
It also shows my first-ever fuzzing and memory corruption experience😆

https://github.com/thezdi/presentations/blob/main/2024_WarCon/Avalanche_WarCon24.pdf

@weddige @catsalad A much more fun way to test this is at the local playground with a toy truck

$1$hwrbwjlu$/Tr8NgIA4oKuqpC.1pnk3.:aaaaaaaaaa

[RSS] Finding Bugs in Chrome with CodeQL

https://bughunters.google.com/blog/5085111480877056/finding-bugs-in-chrome-with-codeql

It has turned out that the world just does not suffer significantly from the kind of problem that our research was originally intended to solve.

this is pretty titanic and sums up so much of what is wrong with software and computer science: just because a problem is theoretically interesting and/or rigorous and/or fun to work on *has no bearing whatsoever* on its usefulness in the real world. none. theyre unrelated. sometimes they overlap, cool, but they are not correlated.

you have to do a kind of analysis that engineers are not equipped to do. its a kind of design research that involves understanding your intended audience and their challenges. its deeply human and subjective and i was only exposed to it when working towards my MFA.

something about one of the titans of thought of computer science working for decades only to realize his formal systems -- while intellectually thorough and interesting! -- didnt solve anyone's problems. he just assumed they would. but he never asked. something about that to me feels like The Whole Story.

@ryanc See also Hannibal Lecter: https://video.infosec.exchange/w/7oDpz9V3mDnrLziH82Copv :)

@joxean This looks like a good opportunity to convince mgmt to change their minds

Google payed me a bugbounty for a bug I reported 8 years ago...

Safety in an Unsafe World - RustConf 2024 - How to move Rust beyond memory safety to guarantee freedom from any class of bugs

https://www.youtube.com/watch?v=Ba7fajt4l1M

Discussions: https://discu.eu/q/https://www.youtube.com/watch?v=Ba7fajt4l1M

#programming #rustlang

Naming conventions, always surprising me

Attackers are hijacking Jupyter notebooks to host illegal Champions League streams

https://cyberscoop.com/misconfigured-jupyter-notebooks-uefa-champions-league-streaming/

[RSS] Looking at the Internals of the Kenwood DMX958XR IVI

https://www.thezdi.com/blog/2024/11/18/looking-at-the-internals-of-the-kenwood-dmx958xr-ivi