"I'm interested in all kinds of astronomy."

"OpenSSH Backdoors" -- a few thoughts on supply-chain attacks against OpenSSH, and what we can learn from both historical and modern events. https://blog.isosceles.com/openssh-backdoors/


twelve years ago, a painter by the name of anders ramsell painted 12,597 aquarelle paintings of blade runner, shot by shot, of the entire film edited down to ~35 minutes. it took two years of painstaking work, all done in his spare time after work each night.

the video circled around the web for a few years, and quietly disappeared from every single site it was hosted at.

a few months ago i spent a few hours digging for it, and finally found a copy of the original file.

i'm not sure how long it will last over at IA, so enjoy it while you can. it is a true achievement. 🙏

https://archive.org/details/blade-runner-aquarelle-edition


Updated 32 main stage presentations have been uploaded to https://media.defcon.org Enjoy!


🅰🅻🅸🅲🅴 (🗑️🔥)

What the actual fuck?! Data brokers are scum.

"""
Another National Public Data company found hosting a file online that included the usernames and passwords for the back-end of its website, including for the site’s administrator.

The publicly-accessible file, which has now been taken offline, showed that all RecordsCheck users were given the same 6-character password with instructions to change that password. Which many failed to do.
"""

https://www.malwarebytes.com/blog/news/2024/08/national-public-data-leaked-passwords-online


I know this dates me, but ... 80% of the problems I'm solving with jq are caused by using JSON at all ... when a simpler format would have been fine.

Repeating every verbose field name in each record, when the schema is flat, is often premature "schema might need to be variable someday" optimization.

When the Rapid7 DNS data was freely available, it was distributed as a one-line-per-stanza JSON file. The first thing I'd do after downloading it was convert it to CSV ... which cut its size by 60%.

It's like buying a ten-pound box of individually wrapped grains of rice.


Remember kids, if a product says it is using "FIPS 197 certified encryption", all it means is that they are using a library which was certified to correctly implement the algorithm.

The product vendor might be using a hardcoded key in ECB mode but they are still technically using "certified" encryption.


When reversing c++, my eyes quickly glaze over when it comes to exceptions and i tend to just ignore them. It’s just housekeeping code, for the most part. Right?

This hexrays feature to display wind/unwind blocks in a sane way looks immensely useful. Not only for getting hints about structure members and types, but because understanding object lifetimes can be crucial for certain types of bug classes.
https://infosec.place/objects/44ae2d73-a400-417b-84f9-b03e99236d72

A little bird told me that the schedule of #AlligatorConEU is online:

https://alligatorcon.eu/

#WodkaBreak

So cool to see my vulnerability research automation work integrated into such a powerful tool! Keep it up ✊
https://infosec.exchange/@securefirmware/112937856513629704

i think the internet would be better if "web designers" were banned from having internet faster than train wifi

Hacker dad who faked death to avoid child support sentenced to prison

Now he owes child support, plus about $80,000 to repair state death registries.

https://arstechnica.com/tech-policy/2024/08/hacker-dad-who-faked-death-to-avoid-child-support-sentenced-to-prison/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

[RSS] C++ Unwind Metadata: A Hidden Reverse Engineering Bonanza

http://www.msreverseengineering.com/blog/2024/8/20/c-unwind-metadata-1

#ReverseEngineering

CVE-2024-5535: `SSL_select_next_proto` buffer overread celebrating a decade of publishing your heap over the internet

https://jbp.io/2024/06/27/cve-2024-5535-openssl-memory-safety.html

Missed this one earlier, pretty fun bug and good writeup!

"No way to prevent this" say users of only language where this regularly happens

https://xeiaso.net/shitposts/no-way-to-prevent-this/CVE-2024-5535/


go to the cloud they said
it'll be fine they said


During Automotive, the team from @Synacktiv used 2 bugs to take over the Maxicharger. Our latest blog takes a brief look at how they did it, and how Autel patched it.
https://www.zerodayinitiative.com/blog/2024/8/22/from-pwn2own-automotive-taking-over-the-autel-maxicharger


So Gartner is full of shit?

Color me not surprised.

Gartner does not do rigorous research. It is an MBA gospel cargo cult consultancy. They shouldn't be taken seriously.

https://www.economist.com/finance-and-economics/2024/08/19/artificial-intelligence-is-losing-hype


SolarWinds security advisory: Web Help Desk Hardcoded Credential Vulnerability (CVE-2024-28987)
Here we go again, another SolarWinds Web Help Desk vulnerability. I promise you this one is different:
CVE-2024-28987 (9.1 critical) The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.

No mention of exploitation. Discovered by Zach Hanley, who, while not listed, is part of Horizon3. He indicated at the Bad Place that he will post a technical writeup next month. Stay tuned.

[RSS] Details about CVE-2024-22263: Spring Cloud Dataflow Arbitrary File Writing

https://blog.securelayer7.net/spring-cloud-data-flow-exploit/