"I'm interested in all kinds of astronomy."
Edited 10 months ago
Streaming vulnerabilities from Windows Kernel - Proxying to Kernel - Part I

https://devco.re/blog/2024/08/23/streaming-vulnerabilities-from-windows-kernel-proxying-to-kernel-part1-en/?ref=blog.exploits.club

CVE-2023-29360 CVE-2023-36802 CVE-2024-30089 CVE-2024-38055 CVE-2024-38056 CVE-2024-38054 CVE-2024-38057 CVE-2024-35250 CVE-2024-30084
0
0
2
repeated

I wrote an op-ed today in @lemonde about Durov's arrest. It's paywalled and French-walled too, so I'll post the key points here!

https://www.lemonde.fr/idees/article/2024/08/29/que-le-sort-de-pavel-durov-ne-serve-pas-de-cheval-de-troie-qui-legitimerait-des-pressions-sur-d-autres-developpeurs-dont-la-situation-n-a-rien-de-comparable_6298532_3232.html

1) You may have noticed that close to nobody in the infosec community (beyond Snowden) is calling for Durov's immediate release. That's because the infosec community knows Telegram has nothing to do with security and TG is not, in fact, a secure messenger. Not by a long shot.

A lot of people have written extensively about this, so I'll just summarize: most chats are only encrypted in transit, and when they are, it's with a proprietary and non-audited protocol. All your data is stored in plaintext on Telegram's servers.

2) It's actually unclear that the authorities view TG as a messenger at all. The indictment uses language that is more fitting to platforms and social media. Elon Musk understands this, which is why he's been vocal about the arrest.

This case IS NOT ABOUT FREE SPEECH. It's about whether platforms should be forced to cooperate with law enforcement (here, on drug / CP cases). EU law says that if problematic content is reported to X/Fb/Linkedin, they must delete it. If they do, they can't be held responsible.

You may disagree. But you cannot frame the situation as "the French government wants to destroy the last bastion of free speech". Also, this is not a political arrest, since prosecutors are independent in France. It's almost certain they didn't ask the government for permission.

3) Most platforms have nothing to worry about. Despite what @andyyen says, there's zero risk for him because he fully cooperates with authorities, which he knows. That was in fact the source of terrible PR for Proton.

The best thing platforms can do to protect themselves is use E2EE everywhere they can and store the least possible user data.
Crucial: don't say no to governments like Durov and go to jail. Create the conditions for your powerlessness. Say "we'd love to but we can't".

4) Maybe the most important point: the battle for free speech and encryption does go on. Telegram never was our champion for this battle and never will be. Threats to encryption are still looming in 🇪🇺 and we need to be ready to fight the right battles.

2
5
0
repeated

A kindred spirit right here, lads.

7
14
1
repeated

We have published the 2nd writeup about the EV vulnerabilities we exploited for Automotive: the JuiceBox 40.

Despite what the @thezdi advisories say, these bugs were NOT fixed by the vendor! SiLabs has declared the product EOL and won't fix it.

https://sector7.computest.nl/post/2024-08-pwn2own-automotive-juicebox-40/

0
3
0
Why in the everliving fuck does #Go's URL.Host include the port while Port() is a freaking method that returns a string?!
1
3
4
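The split the post complains about is also a recurring source of host-allowlist bugs: because url.URL.Host carries the port, a plain equality check rejects a legitimate "host:8443", and the usual "fix" is a prefix match that then accepts lookalike hosts. The following is an added example, not code from the poster; the allowlist and sample URLs are constructed for illustration. It shows what Hostname() and Port() actually return (Port() is a string, "" when absent, with no range check), the tempting prefix-match bug beside a strict check that validates name and port separately, and the IPv6 bracket case.

```go
package main

import (
	"fmt"
	"net/url"
	"strconv"
	"strings"
)

// allowedHosts is a constructed allowlist for this example: bare hostnames,
// never "host:port", because that is what url.URL.Hostname() returns.
var allowedHosts = map[string]bool{
	"api.example.com": true,
}

// splitHostPort shows the split the standard library gives you:
// Host keeps "name:port", Hostname() strips the port (and IPv6 brackets),
// Port() returns the port as a string, "" when the URL has none.
func splitHostPort(raw string) (host, port string, err error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", "", err
	}
	return u.Hostname(), u.Port(), nil
}

// hostAllowedPrefix is the tempting mistake: because u.Host carries the port,
// a plain equality check rejects "api.example.com:8443", so the author
// "fixes" it with a prefix match. That also admits api.example.com.evil.test.
func hostAllowedPrefix(raw string) bool {
	u, err := url.Parse(raw)
	if err != nil {
		return false
	}
	for h := range allowedHosts {
		if strings.HasPrefix(u.Host, h) {
			return true
		}
	}
	return false
}

// hostAllowed validates scheme, name and port separately. An empty
// allowedPorts means any well-formed port; an absent port means the scheme
// default and is accepted. url.Parse only checks that the port is digits,
// so the numeric range check is ours.
func hostAllowed(raw string, allowedPorts []int) bool {
	u, err := url.Parse(raw)
	if err != nil {
		return false
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return false
	}
	if !allowedHosts[strings.ToLower(u.Hostname())] {
		return false
	}
	p := u.Port()
	if p == "" {
		return true
	}
	n, err := strconv.Atoi(p)
	if err != nil || n < 1 || n > 65535 {
		return false
	}
	if len(allowedPorts) == 0 {
		return true
	}
	for _, a := range allowedPorts {
		if a == n {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample URLs: one legitimate, one with a non-default port,
	// one lookalike host, one IPv6 literal.
	for _, raw := range []string{
		"https://api.example.com/v1",
		"https://api.example.com:8443/v1",
		"http://api.example.com.evil.test/v1",
		"http://[::1]:8080/",
	} {
		h, p, _ := splitHostPort(raw)
		fmt.Printf("%-40s Hostname=%q Port=%q prefix=%v strict=%v\n",
			raw, h, p, hostAllowedPrefix(raw), hostAllowed(raw, []int{443, 8443}))
	}
}
```

The practical rule: never compare u.Host against a hostname allowlist; compare u.Hostname() (lower-cased) and handle u.Port() as the separate, string-typed, unvalidated value it is.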
repeated

1993: I use BBSes for online interaction. Each BBS is run by some random person. They connect to a federated worldwide network. I keep my notes in .TXT files.

2008-2022: I use social networks like Facebook and Twitter for online interaction. They're huge and popular. I use Evernote for my notes, which is full of features.

2023: I use Mastodon for online interaction. Each instance is run by some random person. They connect to a federated worldwide network. I keep my notes in .TXT files.

9
24
0
repeated
repeated

48 years ago yesterday.

2
7
0
CVE-2024-5274 (Chrome V8 0day) official ticket with analysis and PoC

https://issues.chromium.org/issues/341663589
1
2
5
Autonomously Uncovering and Fixing a Hidden Vulnerability in SQLite3 with an LLM-Based System

https://team-atlanta.github.io/blog/post-asc-sqlite/
0
0
2
repeated

Fortra security advisories:

No mention of exploitation. But shame on FileCatalyst for having hardcoded credentials. See related Bleeping Computer reporting: Fortra fixes critical FileCatalyst Workflow hardcoded password issue

0
2
0
Galaxy brain of @haifeili :
"Instead of the vendor (you believe it's reckless) asking you to provide more info, you ask them to provide their testing env & steps first. You want me to make a screen recording? Show your recording first."
2
1
3
repeated
repeated

📰 BinaryFormatter removed from .NET 9

Starting with .NET 9, we no longer include an implementation of BinaryFormatter in the runtime. This post covers what options you have to move forward.

https://devblogs.microsoft.com/dotnet/binaryformatter-removed-from-dotnet-9/

0
2
0
[RSS] CVE-2024-37079: VMware vCenter Server Integer Underflow Code Execution Vulnerability

https://www.thezdi.com/blog/2024/8/27/cve-2024-37079-vmware-vcenter-server-integer-underflow-code-execution-vulnerability
0
1
2
[RSS] Reverse engineering a Windows HDD firmware updater

https://syscall.eu/blog/2024/07/01/toshiba_hdd_firmware/
0
0
2
repeated

Micropatches were released for Windows DWM Core Library Elevation of Privilege Vulnerability (CVE-2024-30051)

1
2
0
repeated

Micropatches were released for "FakePotato" Local Privilege Escalation (CVE-2024-38100)

1
2
0
repeated

A-Dub 🏳️‍⚧️🏳️‍🌈

my university has converted our office telephones to Microsoft Teams. when i grumbled about this to a favourite sysadmin, this is how they responded 🔥

“Microsoft has actually brilliantly leveraged the lousy security landscape -- for which they are in no small part responsible -- to capture even larger market-share, as we now need commercial entities to produce the software required to protect us from their failures, and therefore need a more uniform environment to achieve the necessary scale. The uniformity then guarantees an ever greater scale for the inevitable conflagration. Monocultures guarantee one big fire instead of a bunch of small survivable ones. We really have no interest in learning from evolution, in no small part because it would produce fewer billionaires.

— Local Cranky IT Guy” [shared with permission]

3
27
1
repeated
Edited 1 year ago

According to https://httparchive.org/reports/page-weight, the median weight in KB for web page tech on desktop:

Over the last 14.5 years:

HTML
2010: 20KB;
mid 2024: 33KB;
Increase of 65%.

Images
2010: 229KB;
mid 2024: 1,062KB;
Increase of 464%.

JavaScript
2010: 89KB;
mid 2024: 640KB;
Increase of 719%.

- - -

Over the last 9 years:

Video
mid 2015: 173KB;
mid 2024: 3,872KB;
Increase of 2,238%.

I reckon that in the era of AI the JS gradient is gonna steepen significantly

2
5
0