"I'm interested in all kinds of astronomy."

Critical Vulnerability in SonicWall SonicOS (CERT-EU Security Advisory 2024-089)

On August 23, 2024, SonicWall issued a security advisory regarding a critical access control vulnerability (CVE-2024-40766) in its SonicOS. This flaw could allow attackers to gain unauthorised access to resources or cause the firewall to crash.
Updating as soon as possible is recommended.

https://www.cert.europa.eu/publications/security-advisories/2024-089/


I released a PoC & some details for CVE-2024-38063, an RCE vuln in tcpip.sys patched by MS last week: https://github.com/ynwarcs/CVE-2024-38063


Analyzing and Exploiting CVE-2024-38063, an RCE Vulnerability In the Windows TCP/IP Stack

https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html


IBM issued a fix to CVE-2024-27275 that mitigates a privilege escalation technique we published last year:

🥷https://blog.silentsignal.eu/2023/03/30/booby-trapping-ibm-i/
🧑‍🏭https://ibm.com/support/pages/node/7157637

The PTF restricts the use of the ADDPFTRG command - this is a breaking change documented in the Memo to Users.


Literally 20 years ago we said that French regulations to restrict cryptography without state approval would eventually bite; and we were right…
https://alecmuffett.com/article/110312


Charges against P. Durov (of Telegram). ... Telegram failed to obtain a State permit or registration to use encryption and other cryptography technology? Among others: "Supply of cryptology services to ensure confidentiality functions without a declaration of conformity,
- Supply of a cryptographic means that does not exclusively provide authentication or integrity control functions without prior declaration,
...

Full text (French): https://www.tribunal-de-paris.justice.fr/sites/default/files/2024-08/2024-08-26%20-%20CP%20TELEGRAM%20.pdf


Apparently the Polaris Dawn crew are going to be the highest humans have been since the Apollo program, which is surprising given some of the kids I went to high school with.


This was a keynote I gave to our first BSides in Johannesburg recently. It covers what I think a community needs to do to create great hackers and warns of the dangers of racing to the bottom. While it focuses on South Africa - it’s, I think, more widely useful.

https://youtube.com/watch?v=Ri5DoRRnGWs (or on invidious https://yewtu.be/watch?v=Ri5DoRRnGWs)


On birdsite but is actually important:

I quote:

“Intel HW is too complex to be absolutely secure! After years of research we finally extracted Intel SGX Fuse Key0, AKA Root Provisioning Key. Together with FK1 or Root Sealing Key (also compromised), it represents Root of Trust for SGX. Here's the key from a genuine Intel CPU.”

__
¹ https://x.com/_markel___/status/1828112469010596347


Just two days left until the first hearing in Newag's lawsuit against us (Dragon Sector members) and SPS. It will take place on 28.08.2024 at 10:00. In case you've missed it, we're being accused of infringing upon Newag's intellectual property and unfair competition. This is, of course, bullshit and a great example of a SLAPP case.


I get really annoyed when a link unexpectedly takes me to X, but since I ended up there today, this is too good not to share.

AI literally Rickrolled a company's customer when they asked for a link to a training video! It replied to a request by sending a link to Rick Astley's video on YouTube.


Aris Adamantiadis verified💲Paid

day gets better


We're 7 years after the publication of NIST 800-63 on best practice guidance for modern passwords and I still talk to large companies stuck in the past trying to enforce silly password rules and mandatory 90 day rotations. Pretty sure I'm still going to be having these discussions at the 10 year anniversary.


Google's removal of the estimated number of search results is particularly user-hostile.

And it's me. I'm "user".

There's a specific kind of searching where you know that there shouldn't be a ton of results, and you are adding exclusions until your search matches the expected result space.

And now that's impossible (without scrolling to the bottom to see how many pages of results there are).


Some thoughts on memory safety

https://pacibsp.github.io/2024/some-thoughts-on-memory-safety.html

This post briefly describes some theoretical aspects of memory safety that feel important to me but that aren't always obvious from how I see memory safety being discussed:

1. Memory unsafety is a specific instance of a more general pattern of handle/object unsafety

2. Memory unsafety is relative to a particular layer in a stack of abstract machines

3. Memory unsafety matters because it violates local reasoning about state

4. Safe languages use invariants to provide memory safety, but these invariants do not define memory safety

Also, not sure what was up with the embed in my last post, hopefully this one works.


Another SolarWinds RCE vulnerability…

… I instantly had the image from Hunt for Red October when the Soviet ambassador tells the US SecState that they needed help and SecState says "Don't tell me you lost _another_ submarine!"

flan_molotov


I have some words for the developers who decided that it was completely reasonable to expect a user to be able to precisely hit a single pixel to be able to resize a window.

I've seen this on both Windows and Linux. 🤦‍♂️


Most mirrors of libgen are now down. Anna's Archive is fighting to keep the lights on.
https://annas-archive.org/
