Posts
2507
Following
574
Followers
1284
A drunken debugger

Heretek of Silent Signal
repeated

Talos Vulnerability Reports

New vulnerability report from Talos:

OpenPLC OpenPLC_v3 OpenPLC Runtime EtherNet/IP parser invalid pointer dereference vulnerabilities

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2016

CVE-2024-39589,CVE-2024-39590,CVE-2024-39589,CVE-2024-39590
0
1
0
repeated

Talos Vulnerability Reports

New vulnerability report from Talos:

OpenPLC OpenPLC_v3 OpenPLC Runtime EtherNet/IP parser stack-based buffer overflow vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2005

CVE-2024-34026
0
1
0
repeated

Talos Vulnerability Reports

New vulnerability report from Talos:

OpenPLC OpenPLC_v3 OpenPLC Runtime EtherNet/IP PCCC out-of-bounds read vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2004

CVE-2024-36981,CVE-2024-36980,CVE-2024-36980,CVE-2024-36981
0
1
0
repeated
[RSS] It rather involved being on the other side of this airtight hatchway: Posting completions to somebody else's I/O completion port

https://devblogs.microsoft.com/oldnewthing/20240917-00/?p=110276
0
0
1
repeated

IPE (Integrity Policy Enforcement) is now merged to Linus’ tree for the v6.12 kernel, after many years of upstreaming efforts.

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a430d95c5efa2b545d26a094eb5f624e36732af0

See also: https://microsoft.github.io/ipe/

1
3
0
wild speculation, exploding beepers
Show content
I read that a Hungarian company produced Hezbollah's recently acquired exploding beepers.[1]

I wonder if this is related to Mahmoud Ahmadinejad's visit in Budapest back in May.[2]

Again, this is wild speculation!

[1] https://444.hu/2024/09/18/magyarorszagon-gyartottak-a-libanonban-felrobbant-csipogokat
[2] https://24.hu/kulfold/2024/05/09/mahmud-ahmadinezsad-iran-magyarorszag-kozszolgalati-egyetem/
1
1
4
repeated
Edited 3 months ago

It has long been known that timing analyses are a *theoretical* attack on Tor. By distributing the circuits across different jurisdictions, the goal was to make these attacks impractical to implement:

Only a "global adversary" should be able to break the anonymity by correlating the traffic from entry and exit nodes. Correlation becomes even easier if delays or content can be actively introduced into the traffic pattern.

Just as we could (theoretically) become a "global adversary" by renting enough servers, law enforcement agencies can (practically) achieve this through close cooperation, especially since Tor nodes are not evenly distributed across jurisdictions but tend to cluster in certain regions.

Western law enforcement agencies seem to have reached the "global adversary" level through collaboration (in isolated cases and certainly with significant effort). What is problematic for Tor is that other "law enforcement agencies," whose focus is on dissidents, whistleblowers, and journalists, could do the same.

So, it is finally time for cover traffic and random delays: nodes in the Tor network would introduce a random traffic background noise as well as random delays to make targeted correlations more difficult. This would make Tor even slower. This is probably why it has been avoided until now.

In conclusion, we would like to emphasize that there is no reason for regular users of the Tor browser to worry about their anonymity. These are highly targeted attacks on individual accounts of the messenger "Ricochet" over extended periods of time. Because the messenger, unlike a browser, is also reachable, it naturally has an increased attack surface for timing analyses.

https://www.tagesschau.de/investigativ/panorama/tor-netzwerk-100.html

0
5
0
repeated

GitLab security advisory: GitLab Critical Patch Release: 17.3.3, 17.2.7, 17.1.8, 17.0.8, 16.11.10
CVE-2024-45409 (perfect 10.0 critical đŸ„ł cc: @cR0w) SAML authentication bypass

GitLab doing me a heccin' concern because they're already talking about detecting unsuccessful and successful exploitation attempts. I can't definitively say if exploitation in the wild occurred based on the verbiage in this advisory.

cc: @campuscodi @goatyell @da_667

1
8
0
Edited 3 months ago
Tonight in "Fun with #FOSS":

I installed gerbera to do DLNA things. Config dot freaking XML should've been a warning sign, but I know how to computer.

It took about half an hour until I figured out from the docs what XML tag I should use and where to point to the directory where my media content is (it's not in the default config).

The fun begins when the systemd unit just exists. There is a logging option, but no hint about where the logs are. Nvm, journalctl captured stdout:

"level attribute is missing or invalid"

There is no "level" attribute in the docs.

Googling: 0 result - spoiler: this is because the second part of the message comes from an XML lib, while the attribute name comes from the XSD.

The solution is to checkout the git tag corresponding to the OS package version, find the XSD and the attribute definition in it. I fixed the config.

The software now runs (it just doesn't work).
1
1
2
repeated

The city of 's-Hertogenbosch is multiple examples of "falsehoods programmers believe about place names"

2
4
0
Of course, the wisdom of James Mickens applies:

https://www.usenix.org/system/files/1401_08-12_mickens.pdf
4
22
36
repeated

Android Virtualization Framework - runs the "host" (Android and Linux kernel) in a VM and launches isolated envs. (= pVMs). Based on KVM but offloads complex code to the host VM. pVM firmware is in Rust
- https://www.youtube.com/watch?v=K24dmA7QGLE
- https://source.android.com/docs/core/virtualization/security
- https://android.googlesource.com/platform/packages/modules/Virtualization/+/refs/tags/aml_con_341511080/pvmfw/

https://bird.makeup/@lauriewired/1832541105390547456

0
2
0
repeated

From the WTAF dept: 3 killed, > 1,000 wounded in Beirut by exploding pagers:

"BEIRUT, Sept 17 (Reuters) - At least three people were killed and more than 1,000 others including Hezbollah fighters, medics and Iran's envoy to Beirut were wounded on Tuesday when the pagers they use to communicate exploded across Lebanon, security sources told Reuters.

A Hezbollah official, speaking on condition of anonymity, said the detonation of the pagers was the "biggest security breach" the group had been subjected to in nearly a year of conflict with Israel."

https://www.reuters.com/world/middle-east/dozens-hezbollah-members-wounded-lebanon-when-pagers-exploded-sources-witnesses-2024-09-17/

via @dangoodin

11
6
0
repeated

The web Hackvertor now has all of the tags to conduct email parser discrepancies attacks.

https://hackvertor.co.uk/

0
2
0
repeated

Ok, my article on porting the SBCL common implementation to the nintendo is now live:

https://reader.tymoon.eu/article/437

Boosts would be much appreciated! It's been a lot of work to get this far.

0
5
0
repeated

I'd like to share some of my projects that are hosted on @github. Let's start with my public that span more than two decades of .

https://github.com/0xdea/exploits

"You can't argue with a root shell." -- Felix "FX" Lindner

Probably the most known is raptor_udf.c that targets (those of you who solved the @offsec training labs should recognize it).

My favorite is still raptor_rlogin.c, a glorious from the early 2000s. Take your pick!

1
3
1
"What you think of Oracle _is even truer_ than you think it is!" - Bryan M. Cantrill[1]

Ellison Declares Oracle 'All In' On AI Mass Surveillance

https://developers.slashdot.org/story/24/09/16/213256/ellison-declares-oracle-all-in-on-ai-mass-surveillance

[1]https://youtu.be/-zRN7XLCRhc?si=FAsYQN2_Xoelkzlp&t=2048
0
0
2
repeated
Show older