My latest for Wired. How researchers hacked time to crack an 11-year-old password protecting $3 million in cryptocurrency. They found a significant flaw in RoboForm's password manager that made its pseudo-random-number generator not so random. The flaw allowed famed hardware hacker Joe Grand to turn back time and cause the RoboForm password manager to believe it was 2013 and spit out the same passwords it generated back then. RoboForm says it fixed the flaw in 2015, but it appears it never told customers about it. This means that if any of RoboForm's current 6 million users are using passwords generated by the password manager prior to 2015, before the company silently fixed the flaw, they may have passwords that can be cracked in the same way .

https://www.wired.com/story/roboform-password-3-million-dollar-crypto-wallet/

WE DID IT. My new zine “How Git Works" is out now!

You can get it here for $12: https://wizardzines.com/zines/git

One day last October, subscribers to an ISP known as Windstream began flooding message boards with reports their routers had suddenly stopped working and remained unresponsive to reboots and all other attempts to revive them.

“The routers now just sit there with a steady red light on the front,” one user wrote, referring to the ActionTec T3200 router models Windstream provided to both them and a next door neighbor. “They won't even respond to a RESET.”

Windstream’s Kinetic broadband service has about 1.6 million subscribers in 18 states, including Iowa, Alabama, Arkansas, Georgia, and Kentucky. For many customers, Kinetic provides an essential link to the outside world. After eventually determining that the routers were permanently unusable, Windstream sent new routers to affected customers.

A report published Thursday by security firm Lumen Technologies’ Black Lotus Labs may shed new light on the incident, which Windstream has yet to explain. Black Lotus Labs researchers said that over a 72-hour period beginning on October 25, malware took out more than 600,000 routers connected to a single autonomous system number belonging to an unnamed ISP.

https://arstechnica.com/security/2024/05/mystery-malware-destroys-600000-routers-from-a-single-isp-during-72-hour-span/

Why is it that security products that have the very important job of securing companies' network borders (SSL VPNs) have webgoat-like levels of security diligence?

CVE-2024-24919 is a Directory traversal.

One of the suggested mitigations was to buy another Check Point security product to protect this Check Point security product.

There is truly no bottom when it comes to these "security" products.
https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/

A shout out to librarians, libraries and library science -- and the practices of care, community and service which make up their democratizing force.

https://buttondown.email/maiht3k/archive/information-access-as-a-public-good/

Check Point: Attempted Zero-Day Exploitation: Important Security Update – Stay Protected Against VPN Information Disclosure (CVE-2024-24919)
Check Point warned on Monday 27 May 2024 of attacker attempts to gain unauthorized access to VPN products. They identified login attempts using old VPN local-accounts relying on unrecommended password-only authentication method. Check Point officially disclosed a sensitive information disclosure vulnerability tracked as CVE-2024-24919 (7.5 high):

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.

This affects CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, Quantum Spark Appliances versions: R80.20.x, R80.20SP (EOL), R80.40 (EOL), R81, R81.10, R81.10.x, R81.20

View the following fix: Preventative Hotfix for CVE-2024-24919 - Quantum Gateway Information Disclosure

h/t to @serghei and @BleepingComputer for their initial news article. cc: @briankrebs @campuscodi @mttaggart @deepthoughts10 @dangoodin

#zeroday #CVE_2024_24919 #eitw #activeexploitation #VPN #CheckPoint #vulnerability #cve

Got root, what now? Practical post-exploitation steps on an F5 Big-IP appliance, by team members @drm and @myst404

https://offsec.almond.consulting/post-exploiting-f5-BIG-IP.html

We've all been laughing at the obvious fails from Google's AI Overviews feature, but there's a serious lesson in there too about how it disrupts the relational nature of information. More in the latest Mystery AI Hype Theater 3000 newsletter:

https://buttondown.email/maiht3k/archive/information-is-relational/

Hacked? Ticketmaster's terrible, horrible, no good, very bad week just got worse:

https://databreaches.net/2024/05/28/hacked-ticketmasters-terrible-horrible-no-good-very-bad-week-just-got-worse/

#databreach #infosec #Ticketmaster

@campuscodi

idk why people say funding OSS is difficult

do you think this is an appropriate amount of spite to put into a reverse engineering project?

Sorry to say, archive.org is under a ddos attack. The data is not affected, but most services are unavailable.

We are working on it & will post updates in comments.

Microsoft published a report last month acknowledging the existence of a long running honeypot operation running on code.microsoft[.]com.

https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/examining-the-deception-infrastructure-in-place-behind-code/ba-p/4124464

#microsoft #infosec #threatintel

Your developers upload 0-day exploit documentation to VirusTotal.

#opsec

https://securelist.com/cve-2024-30051/112618/

A heartbreaking moment that was saved by an SS photographer at Auschwitz II-Birkenau during the deportations of Hungarian Jews. It was taken 80 years ago, most likely in late May 1944. A little child finds a dandelion in the grass and is handing it or showing it to an older boy.
1/2

Heads up to anyone using facebook or insta: you'll receive a notification about your data being used to train AIs. The opt out process is deliberately convoluted and you have to fill out a form to object. This is what I wrote in mine, and the objection was immediately registered as successful, so feel free to copy.

Masto reply bores, this is not a post on which to fart out your opinions about Meta or AI or whatever. So don't. I'm sharing helpful info for people who need it, not for you.

idk i feel like it probably says something about our education system that people frequently have nightmares about being in it 20 years after the fact

With the impending doom of ICQ in June and the new crappy version of Teams coming in July, I would like to post this meme one final time

#ICQ #Teams #Microsoft #MicrosoftTeams

Sierra On-Line accidentally included the source code to their AGI adventure game engine on some copies of Space Quest II. Its presence is not obvious but with enough sector sleuthing it is possible to recover about 70% of it. The recovered source code is peppered with illuminating comments regarding its history and authors. It can be examined in a GitHub repo linked in the article.

"The Space Quest II Master Disk Blunder"
https://lanceewing.github.io/blog/sierra/agi/sq2/2024/05/22/do-you-own-this-space-quest-2-disk.html

Another large language model scraper blocked. This graph is from a site which runs a tool generating answers for people doing important research work. The AI scraper sent hundreds of thousands of lookup requests evading rate limits by using about a thousand IPs and pinned multiple webservers at 100% CPU (graph from one attached). This is a massive waste of electricity to train a hallucination machine.