[RSS] Pluralistic: Ad-tech targeting is an existential threat

https://pluralistic.net/2025/02/20/privacy-first-second-third/

Computers make it easier to do a lot of things, but most of the things they make it easier to do don't need to be done.

— Andy Rooney

@4Dgifts "Von Neumann himself attributed his generation's success to 'a coincidence of some cultural factors' that produced 'a feeling of extreme insecurity in the individuals, and the necessity to produce the unusual or face extinction'" (The Man from the Future, the Visionary Ideas of John von Neumann, quoting from Stanislaw Ulam's Andventures of a Mathematician)

I gave a day 1 closing keynote at DistrictCon yesterday. Surprisingly, it was a security talk about memory safety.

Slides are here:
https://docs.google.com/presentation/d/1-CgBbVuFE1pJnB84wfeq_RadXQs13dCvHTFFVLPYTeg/edit?usp=drivesdk

Writing a #Ghidra processor module

https://irisc-research-syndicate.github.io/2025/02/14/writing-a-ghidra-processor-module/?ref=blog.exploits.club

"In this article we will create a Ghidra processor module for the iRISC processors, these processors are embedded in the ConnectX series of NICs from NVIDIA/Mellanox."

Not a beginners tutorial, as it skims over many important steps and details, but still good to have more of these as there's always a trick or two to learn.

Optimizing the regexes, or not

https://www.hexacorn.com/blog/2025/02/22/optimizing-the-regexes-or-not/

It's EXPLOIT CLUB DAY 📰

Linux kernel goodies from @h0mbre_

@patch1t spends another week showing you no patch is safe

@vv474172261 makes Microsoft re-think their bounty program

USB Restricted Mode Bypass RCA from @quarkslab

+ Jobs and MORE 👇

https://blog.exploits.club/exploits-club-weekly-newsletter-60-kctf-patch-gaps-usb-restricted-mode-bypasses-llm-harnesses-and-more/

Released Pwndbg 2025.02.19 with new commands for dumping Linux kernel nftables, initial LoongArch64 support and more!

See changelog on https://github.com/pwndbg/pwndbg/releases/tag/2025.02.19 !

I tried my hand at exploiting an nday on the Google Container Optimized OS instance in kCTF but sadly was very late to the party. Here is my exploit write-up for it. I learned a lot during the process, let me know what you think. I'll post TL;DR in thread
https://h0mbre.github.io/Patch_Gapping_Google_COS/

New Project Zero issue:

Linux: io_uring: UAF of io_ev_fd; io_eventfd_do_signal() frees on refcount drop without RCU delay

https://project-zero.issues.chromium.org/issues/388499293

CVE-2025-21655

PostgreSQL 17.4, 16.8, 15.12, 14.17, and 13.20 Released

https://www.postgresql.org/about/news/postgresql-174-168-1512-1417-and-1320-released-3018/

This fixes a regression introduced by the latest vulnerability fix:

"The fix for CVE-2025-1094 caused the quoting functions to not honor their string length parameters and, in some cases, cause crashes."

CVE 2025-26794 - SQL injection in Exim

https://exim.org/static/doc/security/CVE-2025-26794.txt

Configs using SQLite may be vulnerable.

Project: python/cpython https://github.com/python/cpython
File: Lib/pathlib/_abc.py:504 https://github.com/python/cpython/blob/2bd5a7ab0f4a1f65ab8043001bd6e8416c5079bd/Lib/pathlib/_abc.py#L504

def walk(self, top_down=True, on_error=None, follow_symlinks=False):

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fpython%2Fcpython%2Fblob%2F2bd5a7ab0f4a1f65ab8043001bd6e8416c5079bd%2FLib%2Fpathlib%2F_abc.py%23L504&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fpython%2Fcpython%2Fblob%2F2bd5a7ab0f4a1f65ab8043001bd6e8416c5079bd%2FLib%2Fpathlib%2F_abc.py%23L504&colors=light

Project: mpengine-x64-pdb 1.1.24090.11
File: mpengine.dll
Address: 75ab2fe6c

VerifyCertChain

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75ab2fe6c.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75ab2fe6c.json&colors=light

The hashcat.net site is down -- side effect of maintenance by hosting provider. Being worked.
[Edit: back up a week later]

Current release (GitHub): https://github.com/hashcat/hashcat/releases/tag/v6.2.6

Convenience Wayback links:

Main page:
https://web.archive.org/web/20250211000850/hashcat.net/hashcat/

Rules:
https://web.archive.org/web/20250211234251/https://hashcat.net/wiki/doku.php?id=rule_based_attack

Example hashes :
https://web.archive.org/web/20250216060927/https://hashcat.net/wiki/doku.php?id=example_hashes

FAQ:
https://web.archive.org/web/20250219024304/https://hashcat.net/wiki/doku.php?id=frequently_asked_questions

Recent beta:
https://web.archive.org/web/20250130114639/https://hashcat.net/beta/

@hashcat #hashcat

Interesting links of the week:

Strategy:

* https://dl.acm.org/doi/10.1145/3594553 - refining TI with automated labelling

Threats:

* https://blog.talosintelligence.com/salt-typhoon-analysis/ - Salt Typhoon analysis from @TalosSecurity
* https://www.inversecos.com/2025/02/an-inside-look-at-nsa-equation-group.html - a Chinese view on Equation Group

Detection:

* https://blog.thinkst.com/2025/02/almost-famous-behind-the-scenes-of-a-feature-that-didnt-make-the-cut.html - building canary tokens with unconstrained delegation

Hard hacks:

* https://kindlemodding.org/ - modding the Kindle
* https://www.die-welt.net/2025/02/unauthenticated-rce-in-grandstream-ht802v2-and-probably-others-using-gs_test_server-dhcp-vendor-option/ - hacking hardware via DHCP vendor options

Hardening:

* https://neapay.com/viewposts.html?category=BASE24 - variable quality but details on Base24

#security, #research

High level diff of iOS 18.3.1 vs. iOS 18.4beta1 🎉

https://github.com/blacktop/ipsw-diffs/blob/main/18_3_1_22D72__vs_18_4_22E5200s/README.md

my colleagues Alexis and Brad at @trailofbits put together a great post on a basic security mistake that we keep making: attacker-controlled recursion. my favorite thing about these is that they're (1) trivial to find and (2) *way* more impactful than normal DoS spam.

the post contains some great examples of these, including real vulnerabilities in Protobuf and ElasticSearch:

https://blog.trailofbits.com/2025/02/21/dont-recurse-on-untrusted-input/

they'll also be presenting their findings at @DistrictCon tomorrow!

https://www.districtcon.org/bios-and-talks-2025/low-effort-dos-with-recursion

Rust 1.85.0 has been released! 🌈🦀✨

Not only does this release add *async closures*, it also includes a whole *new Rust Edition*, Rust 2024! 🎆🚀

Check out the blog post for an overview of all the changes and additions: https://blog.rust-lang.org/2025/02/20/Rust-1.85.0.html

Periodic reminder to the fedi EE / embedded systems community: I have a lot of lab capabilities and resources that the average hobbyist can't afford, and am willing to offer them up on reasonable terms (i.e. FREE in many cases) to help people out.

As a general rule if you're not making money on it (i.e. hobbyist/noncommercial/academic project) and it's not a major time commitment or consumable cost for me, all I ask is that you pay return shipping if you want the hardware sent back to you afterwards. For anything large or commercial in nature, I'm still potentially interested but we'd have to discuss compensation first.

Capabilities and equipment available:
* 3D planar EM simulation (Sonnet Pro)
* 5 3/4 digit multimeters (R&S HMC8012)
* Various oscilloscopes to 16 GHz BW (PicoScope 6424E, LeCroy WaveRunner 8404M-MS, LeCroy SDA 816Zi-A) plus power rail, current, and differential probes
* VNA measurements to 8.5 GHz (PicoVNA 106 / 108)
* BERT BER/eye pattern/bathtub curve measurements to 28 Gbps (MultiLane ML4039-BTP)
* Vector signal generation to 6 GHz (Siglent SSG5060X-V)
* Fine pitch soldering and PCB rework, BGA assembly, inner layer circuit edits, etc
* Low magnification stereo microscopy
* High magnification reflected light optical microscopy to ~300nm resolution, including large area automated step-and-repeat scanning and stitching of multi-gigapixel datasets
* Coming soon: Embedding and cross section polishing for failure analysis etc