"Best email money can buy" product Zimbra has an embarrassingly bad vulnerability: CVE-2024-45519

The vulnerable code appends the attacker-provided email address to a command line and then runs it with popen() (which uses a shell). Guess what happens when the email address has a backticks, a semicolon, $(), etc?

What year is this?

Luckily the attack vector to get there (postjournal) isn't enabled by default, as there are exploitation attempts occurring in the wild:
https://infosec.exchange/@justicerage/113231837285277188

https://blog.projectdiscovery.io/zimbra-remote-code-execution/

As I am seeing some Medium links in my timeline today, and Medium is pretty annoying (pop-overs and all). So reminder that you can just replace:

> medium.com

…with:

> scribe.rip

In any Medium link and get a wonderful simple unobtrusive reading experience instead.

#Medium #ScribeRip #AlternativeFrontends

The Cryptodifference Engine: An in-depth look at differential fuzzing for harvesting crypto bugs, by Célian Glénaz

https://blog.quarkslab.com/differential-fuzzing-for-cryptography.html

To get rich in a gold rush, sell shovels.

https://www.sonarsource.com/lp/solutions/ai-assurance-codefix/

Matt Levine brought to my attention this insider trading case involving a dude who hacked into company computer systems to get nonpublic info and then traded on it.
https://www.sec.gov/enforcement-litigation/litigation-releases/lr-26141

What's funny to me is the application of insider trading law to computer hacking.

I’ve been offered free credit monitoring at least 6 times in the last few years (still using my OPM one). How many breaches does it take before we prioritize real cybersecurity over cleanup offers? What's your free credit monitoring number?

Current #curl bug-bounty stats (since April 2019).

Reports: 475
Confirmed security issues: 73 (15%)
Identified bugs (but not security problems): 92 (19%)
Invalid: 310 (65%)

So what did I find in my EV-charger wifi-card?
Basically, it is a raspberry pi.
The SD-card contains goodies, like a private ssh-key that apparently gave me access to their jumphost (no restrictions in their shell either).

The NTP was also not configured, it also contained the entire bash-history, including all the "failed commands" and apparently a password to something.

I guess I'll spend some time on the phone tomorrow

#linux #infosec #bored

lmao, the FBI is mad that the Z-Library founders are having holidays

Question about IDA and Ghidra considering the latest IDA license changes, regarding #Diaphora: If a (highly integrated) Ghidra port of Diaphora appears "soon", would you...

Interesting listen (NSA's Brian Snow on risk-based security): https://t.co/MwSi8KE8kA

"Basically it boils down to the fact that it's impossible to assign a likelihood to an unknown attack.

So how on earth did risk-based security become the 'standard' way of doing things in the enterprise? What use is a risk register if high-impact, low-likelihood adverse events can't be reliably quantified?"

This undergraduate thesis by Jan Strehmel deserves a prize:

𝐀𝐛𝐬𝐭𝐫𝐚𝐜𝐭. One of the most fundamental unanswered questions that has been bothering mankind during the Anthropocene is whether the use of swearwords in open source code is positively or negatively correlated with source code quality. To investigate this profound matter we crawled and analysed over 3800 C open source code containing English swearwords and over 7600 C open source code not containing swearwords from GitHub. Subsequently, we quantified the adherence of these two distinct sets of source code to coding standards, which we deploy as a proxy for source code quality via the SoftWipe tool developed in our group. We find that open source code containing swearwords exhibit significantly better code quality than those not containing swearwords under several statistical tests. We hypothesise that the use of swearwords constitutes an indicator of a profound emotional involvement of the programmer with the code and its inherent complexities, thus yielding better code based on a thorough, critical, and dialectic code analysis process.

https://cme.h-its.org/exelixis/pubs/JanThesis.pdf

It cites some previous research:

• Yehuda Baruch et al. Swearing at work: the mixed outcomes of profanity,
Journal of Managerial Psychology 32 (Jan. 2017),149–162, https://doi.org/10.1108/JMP-04-2016-010

𝐀𝐛𝐬𝐭𝐫𝐚𝐜𝐭. In contrast to much of the incivility and social norms literatures, the authors find that male and female business executives, lawyers and doctors of all ages admit to swearing. Further, swearing can lead to positive outcomes at the individual, interpersonal and group levels, including stress-relief, communication-enrichment and socialization-enhancement

Micropatches for Windows Installer Elevation of Privilege Vulnerability (CVE-2024-38014)
https://blog.0patch.com/2024/10/micropatches-for-windows-installer.html

Google Chrome security advisory: Stable Channel Update for Desktop
New version 129.0.6668.89/.90 for Windows, Mac and 129.0.6668.89 for Linux includes 4 security fixes, 3 externally reported:

• CVE-2024-7025 (high) Integer overflow in Layout
• CVE-2024-9369 (high) Insufficient data validation in Mojo
• CVE-2024-9370 (high) Inappropriate implementation in V8

No mention of exploitation.

#google #chrome #vulnerability #cve

🚀 Taking a quick dive into Ghidra 11.2’s stack-based string handling! 🛠️

Check out the improvements from version 11.1.2 to the new release. Stack strings have been a long time coming, but Ghidra is ever improving! 👏 #Ghidra #ReverseEngineering #everydayghidra

It’s troubling to see intrusion responses struggle due to lack of logging and visibility. Build a robust logging strategy and practice hunts to truly understand what you're monitoring and what you can trust. Incident time is a painful moment for discovery learning.