A drunken debugger

Heretek of Silent Signal

40th Weekly Vuln Research newsletter is OUT NOW 📰

iOS kernel exploitation from @alfiecg_dev

Elgato hacking from @dt_db

@_tsuro bypasses CET

RCU Internals from @u1f383

Google Teams check off their OKRs

➕ Jobs and more 👇

https://blog.exploits.club/exploits-club-weekly-newsletter-40-ios-kernel-exploitation-cet-bypasses-elgato-hardware-repair-and-more/

New assessment for topic: CVE-2023-25950

Topic description: "HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request ..."

"HAProxy's HTTP/3 implementation fails to block a **malformed HTTP header field name**, and **when deployed in front of a server that incorrectly processes this malformed header**, it may be used to conduct an HTTP request/response smuggling attack ..."

Link: https://attackerkb.com/assessments/410b285d-5724-4300-bcc4-603cc4c726ac

There seems to be a pretty big refactor in #Ghidra 11.2 renaming "Python" to "Jython" - this will break a bunch of integrations, but I can't see it mentioned in the Change History :/

We had a short look at the buffer overflow found by fuzzing `process_browse_data` to determine its exploitability. Conclusion: this bug alone won't give you RCE, or even an info leak.

https://bird.makeup/@evilsocket/1839394447286751430


Here's my quick and dirty PoC for the CUPS vulns. I wrote it after spotting the patches in the public CUPS repo. As always, expect CTF-quality code :D

https://github.com/RickdeJager/cupshax

https://bird.makeup/@rdjgr/1838750230218436891


Finally I got myself to write a script to generate documentation for #Ghidra - now I host the latest info about 11.2, including but not limited to:

I took this opportunity to redo the directory structure that broke most search engine links, sorry about that (this will improve with time ofc)!

gradle prepdev

Normal authors: release book to the public early in the week, with much fanfare.

Me, late Friday afternoon, from a dark alley: "psst! Hey, you! Yeah, you! Buddy! You ever wanted to Run Your Own Mail Server?"

https://www.tiltedwindmillpress.com/product/ryoms-ebook/

(boosts appreciated!)


“It’s the time of Orwell but with corporations.” https://www.wired.com/story/internet-archive-memory-wayback-machine-lawsuits/

This is a must-read on the existential battle of @internetarchive

If you wanna take action after, we've got a list of things to do at https://www.battleforlibraries.com/


I can FINALLY announce the news! I have been awarded a British Academy small grant!!

https://www.thebritishacademy.ac.uk/news/over-17-million-in-british-academyleverhulme-trust-small-research-grants-awarded-to-support-shape-researchers/

This work will be on safeguarding knowledge about floppy disks! The project will include working with @dpc_chat @JennyMitcham @anj on gathering floppy disk information in one place. It will also include interviewing floppy disk experts across communities and cleaning floppy disks with different techniques with the conservation department at the Cambridge University Library!!


Finished the training by @stevenseeley and found something cooler than calc.exe to pop: the almost 30 years old dialer.exe. And yes, it's on PATH


In March 2019, I broke a story about how Facebook had been storing unencrypted password data for hundreds of millions of Facebook users.

https://krebsonsecurity.com/2019/03/facebook-stored-hundreds-of-millions-of-user-passwords-in-plain-text-for-years/

Today, the lead European Union privacy regulator fined Meta ~$100 million for that security/privacy failure, which Facebook said could have allowed any one of its 200,000 employees to see the plaintext passwords for up to 600M accounts.

https://www.reuters.com/technology/eu-privacy-regulator-fines-meta-91-million-euros-over-password-storage-2024-09-27/


“Do we need to worry about cups?”

“No we’ve got a handle on it”


my pronouns are they/them/../../../etc/shadow

#music #deathmetal
New Black Dahlia Murder \m/

https://theblackdahliamurder.bandcamp.com/album/servitude

R.I.P. Trevor :(

OpenPrinting/CUPS project decided to publish my related-but-different finding (in code that is about to all go away) https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-rq86-c7g6-r2h8


Aris Adamantiadis

Some soft skills insight I gathered over my long career as a security researcher and shitposter:

  • When you insult the devs on your security bug reports when they dare not understand the impact of your awesome bug on the first try, they turn non-cooperative. Their main focus shifts from fixing the bug to avoiding interacting with you.
  • When the disclosure process isn't going well, going to your community to stir the pot isn't going to make things go any easier, especially when you're overestimating the impact of your bug.

Thanks for following my Ted speech


#Ghidra 11.2 released

Documentation links with HTML preview (generated links point to raw repo contents):

https://github.com/NationalSecurityAgency/ghidra/releases/tag/Ghidra_11.2_build

[RSS] Insecurity through Censorship: Vulnerabilities Caused by The Great Firewall

https://www.assetnote.io/resources/research/insecurity-through-censorship-vulnerabilities-caused-by-the-great-firewall