A drunken debugger

Heretek of Silent Signal

My latest for Wired. How researchers hacked time to crack an 11-year-old password protecting $3 million in cryptocurrency. They found a significant flaw in RoboForm's password manager that made its pseudo-random-number generator not so random. The flaw allowed famed hardware hacker Joe Grand to turn back time and cause the RoboForm password manager to believe it was 2013 and spit out the same passwords it generated back then. RoboForm says it fixed the flaw in 2015, but it appears it never told customers about it. This means that if any of RoboForm's current 6 million users are using passwords generated by the password manager prior to 2015, before the company silently fixed the flaw, they may have passwords that can be cracked in the same way.

https://www.wired.com/story/roboform-password-3-million-dollar-crypto-wallet/


WE DID IT. My new zine “How Git Works” is out now!

You can get it here for $12: https://wizardzines.com/zines/git

[RSS] CVE-2024-30043: Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud

https://www.thezdi.com/blog/2024/5/29/cve-2024-30043-abusing-url-parsing-confusion-to-exploit-xxe-on-sharepoint-server-and-cloud
New assessment for topic: CVE-2024-24919

Topic description: "Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades ..."

"On May 28, 2024, Check Point published an advisory for an unauthenticated information disclosure vulnerability affecting Check Point Security Gateway devices configured with either the “IPSec VPN” or “Mobile Access” software blade ..."

Link: https://attackerkb.com/assessments/1b3e554c-47a1-40f1-a09a-ea867bb4f8a4
Exclusive sneak peek into the world of VPN appliance security research:

https://www.youtube.com/watch?v=V1SpFt7zJUM
Hunting bugs in Nginx JavaScript engine (njs)

https://0xbigshaq.github.io/2024/05/24/njs-vr-bugs/
germy is an N_GSM Linux kernel privilege escalation exploit for versions 5.15-rc1 to 6.6-rc1

https://github.com/roddux/germy

Is there a CVE for this?

One day last October, subscribers to an ISP known as Windstream began flooding message boards with reports their routers had suddenly stopped working and remained unresponsive to reboots and all other attempts to revive them.

“The routers now just sit there with a steady red light on the front,” one user wrote, referring to the ActionTec T3200 router models Windstream provided to both them and a next door neighbor. “They won't even respond to a RESET.”

Windstream’s Kinetic broadband service has about 1.6 million subscribers in 18 states, including Iowa, Alabama, Arkansas, Georgia, and Kentucky. For many customers, Kinetic provides an essential link to the outside world. After eventually determining that the routers were permanently unusable, Windstream sent new routers to affected customers.

A report published Thursday by security firm Lumen Technologies’ Black Lotus Labs may shed new light on the incident, which Windstream has yet to explain. Black Lotus Labs researchers said that over a 72-hour period beginning on October 25, malware took out more than 600,000 routers connected to a single autonomous system number belonging to an unnamed ISP.

https://arstechnica.com/security/2024/05/mystery-malware-destroys-600000-routers-from-a-single-isp-during-72-hour-span/


Why is it that security products that have the very important job of securing companies' network borders (SSL VPNs) have webgoat-like levels of security diligence?

CVE-2024-24919 is a directory traversal.

One of the suggested mitigations was to buy another Check Point security product to protect this Check Point security product.

There is truly no bottom when it comes to these "security" products.
https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/


A shout out to librarians, libraries and library science -- and the practices of care, community and service which make up their democratizing force.

https://buttondown.email/maiht3k/archive/information-access-as-a-public-good/

#AI features I actually need:

If I Ctrl-Z a stupid autocorrect for the 100th time, the editor could be smart enough to disable that correction for me.

But I guess this is just impractical with today's technology...

#AIFeatureRequest
RFC for 700 HTTP Status Codes

https://github.com/joho/7XX-rfc
[RSS] Check Point - Wrong Check Point (CVE-2024-24919) - watchTowr Labs

https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
[RSS] CVE-2024-22058 Ivanti Landesk LPE - Mantodea Security

https://mantodeasecurity.de/en/2024/05/cve-2024-22058-ivanti-landesk-lpe/
PSA: Before using an LLM to write professional text, consider that current LLMs tend to be overly verbose, meaning that:

a) most of the words of the output will not convey interesting information
b) interesting information may be lost among all the convoluted grammar

If after a few iterations the output looks correct (huge if!), you are in many cases better off writing down a slightly modified version of _the prompt itself_ than the output, as the former likely already contains all the information you want to communicate.

A wise man once said:
Brevity is the soul of wit.

Check Point: Attempted Zero-Day Exploitation: Important Security Update – Stay Protected Against VPN Information Disclosure (CVE-2024-24919)
Check Point warned on Monday 27 May 2024 of attacker attempts to gain unauthorized access to VPN products. They identified login attempts using old VPN local accounts relying on the unrecommended password-only authentication method. Check Point officially disclosed a sensitive information disclosure vulnerability tracked as CVE-2024-24919 (7.5 high):

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.

This affects CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, Quantum Spark Appliances versions: R80.20.x, R80.20SP (EOL), R80.40 (EOL), R81, R81.10, R81.10.x, R81.20

View the following fix: Preventative Hotfix for CVE-2024-24919 - Quantum Gateway Information Disclosure

h/t to @serghei and @BleepingComputer for their initial news article. cc: @briankrebs @campuscodi @mttaggart @deepthoughts10 @dangoodin


Got root, what now? Practical post-exploitation steps on an F5 Big-IP appliance, by team members @drm and @myst404

https://offsec.almond.consulting/post-exploiting-f5-BIG-IP.html

I recently went to my YT history to look up a video I watched earlier. What I found was that shorts are spamming my history even if I never watched them but they appeared on my screen as a recommendation.

I guess this is yet another desperate attempt of #AdTech to artificially boost some metrics that can later justify advertising prices.