"I'm interested in all kinds of astronomy."
[RSS] Assessing the attack complexity of a race condition security vulnerability

https://devblogs.microsoft.com/oldnewthing/20241129-00/?p=110588

Luke and Leia take center stage in this vibrant panel of Budapest’s Star Wars mural by Rawman, CSM, Little Mejo, and Time.


This is the largest breakthrough in Windows / Office piracy ever.
This solution will be available in the coming months—stay tuned for updates!


Sooo Ars, after correcting the original deeply flawed, pure clickbait article, has now doubled down with new info about how "Bootkitty" is actually used.

TL;DR: I was right about Bootkitty only being useful at all for UEFI Secure Boot systems. Turns out there's a separate component that exploits LogoFAIL, a year-old UEFI vulnerability discovered by researchers, to enroll Bootkitty's key into UEFI Secure Boot, which then bypasses the need for user consent for the new bootloader.

So, to recap:

  • There is no new vulnerability here. This is not a zero-day.
  • Everything in this proof-of-concept attack is just putting things we already knew were possible together.
  • Bootkitty is still just PoC level and useless on real production systems, since it still works only on a single Ubuntu kernel.
  • Bootkitty is still not a real bootkit, just a component that's part of enabling the Secure Boot bypass, and trivial to remove and detect.
  • This whole thing is still not persistent in any way in firmware, and trivial to remove. The LogoFAIL exploit is also stored on disk, not anywhere in firmware.
  • This is not a remote exploit, or a local user exploit. You need root to install it, there is no extra OS-level exploit chain anywhere to be seen.

The only news here is that someone decided to use LogoFAIL, which again was discovered a year ago, to create the capability of installing a traditional, old school kernel rootkit on UEFI Secure Boot systems without user consent on reboot. Which, again, is obviously possible when you have something like LogoFAIL. And you still need root access to install any of this.

To reiterate, this only matters if your threat model is "an attacker might get root on my system, but they won't be able to install a kernel-level rootkit because I use Secure Boot, oh and also I didn't bother to patch LogoFAIL". Note that under this model an attacker can still install user-level rootkits anyway, so it's... certainly an interesting model. Also note that under this model an attacker can also just install any old known-vulnerable-to-something distro kernel (there is no revocation for those) and then exploit it to add the rootkit on every boot, achieving the same result of a module rootkit on a Secure Boot system without any of the LogoFAIL or Bootkitty nonsense. You could even just kexec into a backdoored newer kernel that way.

So, cute and interesting, yes. Still a PoC and a nothingburger for the security world. If you rely on UEFI Secure Boot's guarantees and you haven't patched LogoFAIL one year later, that's on you.

And if you take the Secure Boot stuff seriously you should probably get an Apple Silicon Mac anyway, because UEFI Secure Boot is Swiss cheese with a massive attack surface and stuff like LogoFAIL is bound to keep happening.

Edit: Aaaand it indeed was a student project.

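Added example, not code from Bootkitty, LogoFAIL or the article above: the post says the PoC enrols its own key into UEFI Secure Boot and that this is "trivial to detect", so here is the check a practitioner would run. It parses the EFI_SIGNATURE_LIST format that the db and dbx variables and shim's MokList use, and flags any certificate or hash that is not on an allow-list you built from the keys you enrolled yourself. The sample database, the owner GUIDs and the certificate bytes are constructed (they are not real X.509 DER); on a real machine point read_efivar at the db variable under /sys/firmware/efi/efivars and fill the allow-list with the fingerprints of your vendor certificates. Function and variable names are this example's own.

```python
"""List what is enrolled in a UEFI Secure Boot signature database and flag
entries missing from an allow-list. Added example; not Bootkitty or LogoFAIL code."""
import hashlib
import struct
import uuid

# Signature type GUIDs defined by the UEFI specification.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
# EFI_SIGNATURE_LIST header: SignatureType, SignatureListSize,
# SignatureHeaderSize, SignatureSize (all little-endian).
SIGLIST_HDR = struct.Struct("<16sIII")


def parse_signature_lists(data):
    """Return (type_guid, owner_guid, signature_data) for every entry in a
    concatenation of EFI_SIGNATURE_LIST structures."""
    entries, off = [], 0
    while off < len(data):
        if len(data) - off < SIGLIST_HDR.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        raw_type, list_size, hdr_size, sig_size = SIGLIST_HDR.unpack_from(data, off)
        end = off + list_size
        body = off + SIGLIST_HDR.size + hdr_size
        # Bounds checks: a hostile blob must not make us read past the buffer
        # or loop forever on a zero-sized signature.
        if end > len(data) or body > end or sig_size <= 16 or (end - body) % sig_size:
            raise ValueError("malformed EFI_SIGNATURE_LIST at offset %d" % off)
        sig_type = uuid.UUID(bytes_le=raw_type)
        while body < end:
            owner = uuid.UUID(bytes_le=data[body:body + 16])
            entries.append((sig_type, owner, bytes(data[body + 16:body + sig_size])))
            body += sig_size
        off = end
    return entries


def read_efivar(path):
    """Read a variable from efivarfs. The first four bytes are the variable's
    attribute word, not part of the signature lists. Example path:
    /sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f"""
    with open(path, "rb") as f:
        return f.read()[4:]


def fingerprint(sig_type, sig_data):
    """SHA-256 entries already are hashes; certificate blobs get hashed."""
    if sig_type == EFI_CERT_SHA256_GUID:
        return sig_data.hex()
    return hashlib.sha256(sig_data).hexdigest()


def unexpected_entries(entries, allowed_fingerprints):
    """Entries whose fingerprint is not on the allow-list, e.g. a key someone
    enrolled so that their bootloader passes Secure Boot."""
    return [(t, o, fingerprint(t, d)) for t, o, d in entries
            if fingerprint(t, d) not in allowed_fingerprints]


def build_signature_list(sig_type, owner, sigs):
    """Serialise one EFI_SIGNATURE_LIST (used here to construct sample data;
    every signature in one list must have the same size)."""
    assert all(len(s) == len(sigs[0]) for s in sigs)
    sig_size = 16 + len(sigs[0])
    list_size = SIGLIST_HDR.size + sig_size * len(sigs)
    out = SIGLIST_HDR.pack(sig_type.bytes_le, list_size, 0, sig_size)
    for s in sigs:
        out += owner.bytes_le + s
    return out


# Constructed sample database (assumption: placeholder bytes stand in for real
# DER certificates): one vendor certificate, two SHA-256 hashes, and a third
# list holding a certificate nobody on the allow-list enrolled.
VENDOR_OWNER = uuid.UUID("77fa9abd-0359-4d32-bd60-28f4e78f784b")
ROGUE_OWNER = uuid.UUID("00000000-0000-0000-0000-000000000001")
VENDOR_CERT = b"constructed vendor certificate bytes"
ROGUE_CERT = b"constructed rogue certificate bytes!"
HASHES = [hashlib.sha256(b"bootloader-A").digest(), hashlib.sha256(b"bootloader-B").digest()]
SAMPLE_DB = (build_signature_list(EFI_CERT_X509_GUID, VENDOR_OWNER, [VENDOR_CERT])
             + build_signature_list(EFI_CERT_SHA256_GUID, VENDOR_OWNER, HASHES)
             + build_signature_list(EFI_CERT_X509_GUID, ROGUE_OWNER, [ROGUE_CERT]))
ALLOWED = {fingerprint(EFI_CERT_X509_GUID, VENDOR_CERT)} | {h.hex() for h in HASHES}

if __name__ == "__main__":
    for t, o, fp in unexpected_entries(parse_signature_lists(SAMPLE_DB), ALLOWED):
        print("unexpected %s entry owned by %s: %s" % (t, o, fp))
```

Run the same check against MokList (shim's database, exposed as the MokListRT variable) as well as db, since a key enrolled through either path makes a bootloader acceptable; and remember that a passing allow-list says nothing about whether the firmware itself still has the LogoFAIL bug.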

Guys, you should try Binary Ninja for reversing C++ classes. Look at this writeup from Sean Deaton.

Gotta RE 'em All: Reversing C++ Virtual Function Tables with Binary Ninja

https://www.seandeaton.com/gotta-re-em-all-reversing-c-virtual-function-tables-with-binary-ninja/

SoK: Prudent Evaluation Practices for #Fuzzing

https://arxiv.org/pdf/2405.10220

#frombsky

Here’s how stupid me got his bot banned from Bsky:

  • I accidentally committed a debug raise that caused my script to exit with error
  • The systemd unit running the script was configured with Restart=always, because I usually just copy these configs :P
  • Turns out, systemd restarts services really fast on failed status

On the plus side Bsky’s API errors are pretty informative about what went wrong and when the ban will be lifted. Unfortunately because of that stupid raise I lost the logs of why the first failures (before the ban) happened :/

Moral?

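Added example, not the poster's unit file: the copied setting that relaunches a crashing script immediately, beside a unit that waits between attempts and stops after a burst of failures so that a bug cannot turn into a flood of requests against the API. The unit name and script path are assumed; the directive names and the 100 ms RestartSec default are systemd's own.

```ini
# Weak: Restart=always relaunches the script after every exit, and with the
# default RestartSec=100ms a script that dies on startup hits the API several
# times per second until the service is rate-limited or banned.
[Service]
ExecStart=/usr/local/bin/bsky-bot.py
Restart=always

# Corrected: restart only on failure, wait a minute between attempts, and
# let the start-rate limiter stop the unit after 3 failures in 10 minutes.
[Unit]
Description=Bluesky bot (assumed name)
StartLimitIntervalSec=10min
StartLimitBurst=3

[Service]
ExecStart=/usr/local/bin/bsky-bot.py
Restart=on-failure
RestartSec=60s
```

StartLimitIntervalSec and StartLimitBurst belong in the [Unit] section; once the limit trips, the unit stays failed until `systemctl reset-failed`. The traceback from each crash is still in `journalctl -u <unit>`, since journald keeps the service's stderr across restarts.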

Sent from Amsterdam, Netherlands on February 20, 1996. https://postcardware.net/?id=4-49


A collection of Charles Babbage Institute newsletters from the 80s and 90s
I couldn't find scans online at the CBI website.
Lots of interesting information on how they came to be and what their collecting strategy was.
https://bitsavers.org/pdf/charlesBabbageInstitute/newsletters

How to develop an n-day Chrome exploit for Electron applications

https://github.com/p3rr0x/Blog/tree/main/Electron%20N-Day%20exploit

#frombsky
God I hate wchar_t ...

If the designers of X Windows built cars, there would be no fewer than five steering wheels hidden about the cockpit, none of which followed the same principles but you'd be able to shift gears with your car stereo. Useful feature that.

— Marcus J. Ranum


How to enable ads in here??!1


On the other app, yesterday Hugging Face released a dataset of one million posts. The anti-ai reaction was so negative that they took down the dataset.

Now an anon pfp has released a dataset with two million posts.


We suspected it before. But this seems to confirm the ITW exploit for CVE-2024-9680 was definitely inspired by CVE-2022-0609. Just look at the variable names and other choices, such as creating an Animation object via the "animate" function instead of the constructor.

https://bird.makeup/@esetresearch/1861372500443013450

"Eclipse is a PoC that performs Activation Context hijack to load and run an arbitrary DLL in any desired process."

https://github.com/Kudaes/Eclipse

#frombsky

A follow-up to my first post in the land of Swiss Tax Adventures, including an N-day, a 0-day, and the Kantönligeist

https://mkiesel.ch/posts/swiss-tax-adventures-2/

[RSS] Trying to Exploit My Old Android Device, take 1

https://pwner.gg/blog/Android%27s-CVE-2020-0238