#JeSuisLampshade #AlligatorCon

Security mitigation for the Common Log Filesystem (CLFS)

https://techcommunity.microsoft.com/t5/security-compliance-and-identity/security-mitigation-for-the-common-log-filesystem-clfs/ba-p/4224041?s=09

#windows

"Today, the White House Office of the National Cyber Director (ONCD) released a Roadmap to Enhancing Internet Routing Security, which aims to address a key security vulnerability associated with the Border Gateway Protocol (#BGP) "

https://www.whitehouse.gov/oncd/briefing-room/2024/09/03/press-release-white-house-office-of-the-national-cyber-director-releases-roadmap-to-enhance-internet-routing-security/?s=09

⚡ Operator Fabric is an open source platform built by the LF Energy Foundation (https://lfenergy.org/) for use in electricity, water and other utility operations.

Last May we did a security audit sponsored by the Open Source Technology Improvement Fund (https://ostif.org) 🙏

Read a summary of our findings and find the full report here:

https://blog.quarkslab.com/audit-of-operator-fabric.html

Ongoing slab hardening efforts

Recently, there have been multiple efforts to make the exploitation of slab memory corruptions harder.

🧵[1/5]

I started a couple of forest fires to heat my burrito and I'm surprised by the results! It was still frozen in the middle by the end of the experiment, so it's far from perfect, but I think forest fires have a lot of potential and will revolutionize the burrito heating industry!

If you plan to meet some hackers in Krakow this week check your e-mail, esp. your spam folder!

#AlligatorCon

[RSS] Deep Dive into RCU Race Condition: Analysis of TCP-AO UAF (CVE-2024–27394)

https://blog.theori.io/deep-dive-into-rcu-race-condition-analysis-of-tcp-ao-uaf-cve-2024-27394-f40508b84c42?source=rss-4b564abdafa3------2

#linux

I’ll reiterate what many others have said about the yubikey story - unless you’re the target of super sophisticated actors who do not want you to know they’ve stolen your yubikey*, this is a bit of a non-event and highlights the importance of keeping track of your yubikeys. Please don’t toss them, but do keep an eye out for further developments. Once an issue like this is identified, it attracts a lot of attention from many smart people and there may will be other findings in the future, but for now, yubikeys are good enough for most of us.

* I know there are a bunch of people convinced you’re being pursued by these advanced adversaries. I worry about you. For many reasons.

Tired of using debuggers and manually exploring the program's state space? Too annoying to find the inputs you need to trigger the bug? Ever wanted to interactively see what your static analysis tool was really thinking?

With my collaborators from the University of Tartu (Karoliine Holter, Juhan-Oskar Hennoste, Simmo Saan, Vesal Vojdani), we have an Onward! paper about abstract debugging, where you can "step through" the abstract state of the program, as computed by a static analysis tool.

To appear at Onward! 2024: "Abstract Debuggers: Exploring Program Behaviors Using Static Analysis Results".

https://patricklam.ca/papers/24.onward.abs-debug.pdf

And a special thanks to the SIGPLAN-M mentoring program for matching me with these collaborators!

Hello, Fediverse! We're Kagi, and we're on a mission to create a friendlier, more human-centric internet that has the users' best interest in mind.

Our core product is a search engine that is ad-free, tracking-free, and fully supported by our users. We've worked hard to deliver a high-quality, fast, and reliable search experience without compromising user privacy: https://kagi.com/

Excited to engage with the community here.

#Search #Privacy #AdFree

s/middleware/dark matter/

Absolute funniest TikTok trend in history went down this weekend. Someone posted about this “ATM glitch” they found. They went on to explained that you can deposit checks into ATMs and some of the money becomes available for withdrawal immediately, so you can write fake checks, deposit them, then withdraw the money before the check clears.

They made it sound like some kind of life hack and I guess most of TikTok is too young to know what check fraud is, so they had like hundreds of people uploading videos of themselves writing and depositing fraudulent checks into their own bank accounts tied to their real identities 💀

Saying the quiet part out loud

https://futurism.com/the-byte/openai-copyrighted-material-parliament

The YubiKey 5, the most widely used hardware token for two-factor authentication based on the FIDO standard, contains a cryptographic flaw that makes the finger-size device vulnerable to cloning when an attacker gains brief physical access to it, researchers said Tuesday.

The cryptographic flaw, known as a side channel, resides in a small microcontroller that’s used in a vast number of other authentication devices, including smartcards used in banking, electronic passports, and the accessing of secure areas. While the researchers have confirmed all YubiKey 5 series models can be cloned, they haven’t tested other devices using the microcontroller, which is SLE78 made by Infineon and successor microcontrollers known as the Infineon Optiga Trust M and the Infineon Optiga TPM. The researchers suspect that any device using any of these three microcontrollers and the Infineon cryptographic library contains the same vulnerability.

https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/

fuck yeah, another ghidra feature that I could never find in IDA 😎

You can make a typedef for an offset pointer, as in, “this is a pointer to offset 0x4 within a FooClass object”. And then the decompiler sees code like `SUB dword ptr [ESP + 0x8], 4` and figures out “ah, this turns it into a normal FooClass*” and makes things readable. Quite nice for inspecting C++ inheritance forests.

This is a real story. https://www.nytimes.com/2024/09/03/us/politics/trump-prank-devices.html

Security Week: CISA Warns of Avtech Camera Vulnerability Exploited in Wild
In yesterday's CISA ICS Advisory AVTECH IP Camera, CISA includes the following verbiage:

ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation

Additionally, "An anonymous third-party organization confirmed Akamai's report and identified specific affected products and firmware versions." AVTECH SECURITY Corporation has not responded to requests to work with CISA to mitigate these vulnerabilities.

So there you have it CVE-2024-7029 (8.8 high) command injection vulnerability is likely an unpatched and exploited zero-day.

#CVE_2024_7029 #activeexploitation #zeroday #vulnerability #cve #avtech #cisa

A couple notes about the Infineon timing side channel affecting most YubiKeys.

1. yubikey-agent is unaffected in the evil maid threat model as the attacker needs physical access *and PIN*

2. lol, Infineon

3. Go mitigates timing side-channels in ECDSA nonce inversion by not being clever and just using Fermat's little theorem, which is as simple as a constant time exponentiation by p - 2 (which can be optimized with @mbmcloughlin's addchain)

https://ninjalab.io/eucleak/
https://www.yubico.com/support/security-advisories/ysa-2024-03/

We've updated our blog on abusing file deletes to escalate privileges. We've also released PoC to demonstrate this. The exploit offers a high degree of reliability and eliminates all race conditions. It has been tested on the latest Windows 11 Enterprise. https://www.zerodayinitiative.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks