If a government can issue a secret order to push a 'special' version of a mobile app just to a specific person (or set of people), how can this be mitigated?
How can app "rarity" be detected locally? (Antivirus and its descendants have a concept of a "well-known benign executable" vs one that has only been rarely seen.)
Can a local app, or an OS feature, be used to compare local apps with a list of expected versions?
Can this be done independently of the OS (since the order could also subvert the rarity check)? (Even an independent app can be subverted if the only app store is the official one maintained by the same vendor.)
To detect unusual app versions, reproducible builds are necessary but not sufficient, unless the project is also FOSS -- because even if everyone gets the same APK, the app might receive different instructions from its server depending on unique metadata.
Today in "#systemd ruins everything", Jan learns that systemd-resolve...
- runs a proxy DNS server on 127.0.0.53 (which is in /etc/resolv.conf)
- uses its own /run/systemd/resolve/resolv.conf
- will read and cache /etc/hosts regardless of what /etc/nsswitch.conf says (`ReadEtcHosts` defaults to `yes` in /etc/systemd/resolved.conf)
Applications that follow traditional libc resolver logic now will continue to get /etc/hosts results even if /etc/nsswitch.conf excludes 'files'.
🤦♂️
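An added example, not part of the original post: a Python check for the situation described above, where /etc/nsswitch.conf leaves out 'files' but lookups still reach systemd-resolved, which reads /etc/hosts unless `ReadEtcHosts` is turned off. The function names and the sample file contents are constructed for illustration, and drop-in files under resolved.conf.d are not considered.

```python
import configparser
import re

STUB_ADDR = "127.0.0.53"  # systemd-resolved stub listener named in the post

def nss_hosts_sources(nsswitch_text):
    """Sources on the 'hosts:' line, with [STATUS=action] items removed."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            return re.sub(r"\[[^\]]*\]", " ", line[len("hosts:"):]).split()
    return []

def stub_in_use(resolv_text):
    """True if resolv.conf sends libc DNS queries to the resolved stub."""
    for line in resolv_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver" and parts[1] == STUB_ADDR:
            return True
    return False

def read_etc_hosts_enabled(resolved_text):
    """ReadEtcHosts from the [Resolve] section; the default is yes."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.optionxform = str  # keep the key's case as written
    cp.read_string(resolved_text)
    value = cp.get("Resolve", "ReadEtcHosts", fallback="yes")
    return value.strip().lower() in ("yes", "y", "true", "t", "on", "1")

def hosts_file_still_effective(nsswitch_text, resolv_text, resolved_text):
    """True when 'files' is excluded yet /etc/hosts answers are still served."""
    sources = nss_hosts_sources(nsswitch_text)
    if "files" in sources:
        return False  # /etc/hosts is consulted by design, nothing surprising
    # 'resolve' is the nss-resolve module; 'dns' reaches resolved via the stub.
    via_resolved = "resolve" in sources or (
        "dns" in sources and stub_in_use(resolv_text))
    return via_resolved and read_etc_hosts_enabled(resolved_text)

# Constructed sample file contents (not taken from a real host).
SAMPLE_NSSWITCH = "passwd: files\nhosts: dns [!UNAVAIL=return] myhostname\n"
SAMPLE_RESOLV = "# managed by systemd-resolved\nnameserver 127.0.0.53\n"
SAMPLE_RESOLVED = "[Resolve]\n#DNS=\n#ReadEtcHosts=yes\n"

if __name__ == "__main__":
    print(hosts_file_still_effective(
        SAMPLE_NSSWITCH, SAMPLE_RESOLV, SAMPLE_RESOLVED))
```

On a real host, pass the contents of /etc/nsswitch.conf, /etc/resolv.conf and /etc/systemd/resolved.conf to `hosts_file_still_effective`.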
“HKEY_CURRENT_USER. You will never find a more wretched hive of scum and villainy.”
Anybody know how to demangle a string, not a symbol, in #Ghidra using Python?
been reminded of this several times this week and not in a nice way
Mozilla has updated their press release with the following clarification:
UPDATE: We’ve seen a little confusion about the language regarding licenses, so we want to clear that up. We need a license to allow us to make some of the basic functionality of Firefox possible. Without it, we couldn’t use information typed into Firefox, for example. It does NOT give us ownership of your data or a right to use it for anything other than what is described in the Privacy Notice.
https://blog.mozilla.org/en/products/firefox/firefox-news/firefox-terms-of-use/
That is good to hear, but their reasoning makes no sense given that no other browser uses that language.
Firefox now has Terms of Use! This'll go over like a lead balloon.
You give Mozilla all rights necessary to operate Firefox, including processing data as we describe in the Firefox Privacy Notice, as well as acting on your behalf to help you navigate the internet. When you upload or input information through Firefox, you hereby grant us a nonexclusive, royalty-free, worldwide license to use that information to help you navigate, experience, and interact with online content as you indicate with your use of Firefox.