VulnCheck: Four-Faith Industrial Router CVE-2024-12856 Exploited in the Wild
CVE-2024-12856 (7.2 high) Four-Faith Industrial Router post-auth command injection is a reported exploited zero-day. Suricata rule available, no IOC though.
@todb there are still 2 more weekdays left in 2024, cram it all into the KEV!
#vulnerability #fourfaith #cve #eitw #activeexploitation #CVE_2024_12856 #infosec #cybersecurity
After 6 months and about 333 commits I proudly present:
Faircamp 1.0 – A static site generator for audio producers
https://simonrepp.com/faircamp/
To recap the highlights of the past months and learn what's new in the final 1.0 release, check out the blog post: https://simonrepp.com/posts/faircamp-1.0/
Development of version 1.0 was made possible through the amazing support, funding and expertise of the @NGIZero programme and coalition, led by the @nlnet foundation and financed by the European Commission's @EC_NGI initiative – thank you so much for giving me and everyone benefitting from a better Faircamp this incredible opportunity!
Also, many thanks to all faircampers, contributors, testers, translators, bloggers, podcasters and encouraging voices for supporting this journey - for the final 1.0 release specifically to @branpos for release candidate testing, @n00q for bug reporting/testing, @limebar for the external artist page feature inspiration and @Vac for their diligent translation work.
Along with this release I've published multiple new documentation resources - from an official Linux/macOS/Windows tutorial to a 1.0 migration guide, from an overhauled reference manual to a beginner's guide to publishing faircamp (or any!) static sites - check out the website and recent posts in the #faircamp hashtag to discover them!
That's all!
I presented about file formats at #38C3.
Thanks for the feedback everyone!
https://speakerdeck.com/ange/fearsome-file-formats-18374bc4-b3f2-429f-862e-2177ab4d7aae
Unsigned and unencrypted radio protocols control a large number of street lamps and power plants, threatening European grid stability.
All you need is a large antenna, aka putting a wire on a kite.
Check the research of Fabian and Luca in Saal 1 at 21:45 #38c8 or at Spiegel (paywall).
Does anybody have a tap for a keg of beer (10l, DIN 6647-1) with them? Maybe a top vent as well. We Cologne people have beer, but no way to get it out of the keg.
If you can help us out of our misery, that would be great. And you'll get beer! 🍻
Raw recordings of #38C3 from yesterday are live here:
https://streaming.media.ccc.de/38c3/relive
extremely based slide to end on for the train hackers #38c3
YouTuber won DMCA fight with fake Nintendo lawyer by detecting spoofed email
Gamer urges YouTube to change DMCA takedown process to end copyright abuse.
https://arstechnica.com/tech-policy/2024/12/youtuber-won-dmca-fight-with-fake-nintendo-lawyer-by-detecting-spoofed-email/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social
I will give two lightning talks at #38c3 🎉 Both on day 3, stage Huff, around 11:30am.
Detecting Fake Base Stations with CellGuard on iOS 📶
https://cfp.cccv.de/38c3-lightningtalks/talk/8RRHKT/
iOS Inactivity Reboot 📲
https://cfp.cccv.de/38c3-lightningtalks/talk/B83MXJ/
New, w/ @lorenzofb: Data-loss prevention startup Cyberhaven was hacked to publish a malicious update to its Chrome extension, affecting potentially thousands of users. A security researcher says other big Chrome extensions were hacked in the same campaign.
When digital materials are vulnerable to sudden removal, our collective memory is compromised, and the public’s ability to access its own history is at risk. This year, we released the Vanishing Culture report, a study that details instances of cultural loss and emphasizes the crucial role that libraries and archives play in preserving materials for future generations.
Help us in saving these resources: https://archive.org/donate/?origin=mstdn-eoy2024
“The Chaos Computer Club supports the three hackers who explained in detail at 37C3 how the Polish rail vehicle manufacturer Newag had manipulated its trains in such a way that they could only be repaired in the company's own workshops. The manufacturer reacted to the publications with an attitude not seen since the 90s and sued the hackers under both criminal and civil law.
The CCC is calling for donations to cover the legal and other resulting costs incurred so far.”