Raw recordings of #38C3 from yesterday are live here:
https://streaming.media.ccc.de/38c3/relive

extremely based slide to end on for the train hackers #38c3

New assessment for topic: CVE-2024-48457

Topic description: "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem ..."

"[CVE-2024-48457](https://www.cve.org/CVERecord?id=CVE-2024-48457) is an authentication bypass that allows for an unauthenticated reset of the Wifi and admin password of the router. ..."

Link: https://attackerkb.com/assessments/182d054a-a1ba-4e39-8b00-bae34a0a894a

YouTuber won DMCA fight with fake Nintendo lawyer by detecting spoofed email
Gamer urges YouTube to change DMCA takedown process to end copyright abuse.
https://arstechnica.com/tech-policy/2024/12/youtuber-won-dmca-fight-with-fake-nintendo-lawyer-by-detecting-spoofed-email/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

I will give two lightning talks at #38c3 🎉 Both on day 3, stage Huff, around 11:30am.

Detecting Fake Base Stations with CellGuard on iOS 📶
https://cfp.cccv.de/38c3-lightningtalks/talk/8RRHKT/

iOS Inactivity Reboot 📲
https://cfp.cccv.de/38c3-lightningtalks/talk/B83MXJ/

New, w/ @lorenzofb: Data-loss prevention startup Cyberhaven was hacked to publish a malicious update to its Chrome extension, affecting potentially thousands of users. A security researcher says other big Chrome extensions were hacked in the same campaign.

More: https://techcrunch.com/2024/12/27/cyberhaven-says-it-was-hacked-to-publish-a-malicious-update-to-its-chrome-extension/

I finally figured out why I can't bypass the V8 Sandbox on the Amazon Echo Show 5's Wi-Fi captive portal browser.

... it's 32-bit; there is no V8 Sandbox

When digital materials are vulnerable to sudden removal, our collective memory is compromised, and the public’s ability to access its own history is at risk. This year, we released the Vanishing Culture report, a study that details instances of cultural loss and emphasizes the crucial role that libraries and archives play in preserving materials for future generations.

Help us in saving these resources: https://archive.org/donate/?origin=mstdn-eoy2024

“The Chaos Computer Club supports the three hackers who explained in detail at 37C3 how the Polish rail vehicle manufacturer Newag had manipulated its trains in such a way that they could only be repaired in the company's own workshops. The manufacturer reacted to the publications with an attitude not seen since the 90s and sued the hackers under both criminal and civil law.

The CCC is calling for donations to cover the legal and other resulting costs incurred so far.”

https://www.ccc.de/en/updates/2024/das-ist-vollig-entgleist

Best 38C3 preso I have seen so far (kinda week so far this year!) -> https://events.ccc.de/congress/2024/hub/en/event/from-silicon-to-sovereignty-how-advanced-chips-are-redefining-global-dominance/

Amazing tech to build modern chips!!!! :O
Fucking bonkers...

Circle Drone of Doom progress

2024 has been an exciting year for our research group! We pushed the boundaries of fuzzing and ventured into Android security, uncovering some fascinating bugs along the way. Don’t miss the highlights --- check out my latest blog post for a quick summary and links to some of our most intriguing papers: https://nebelwelt.net/blog/2024/1227-retrospective.html

In 10 minutes: What the PHUZZ?! Finding 0-days in Web Applications with Coverage-guided #Fuzzing

https://streaming.media.ccc.de/38c3/zigzag/hls

#38c3

Hey #38c3
Hat jemand einen Gürtel Clip übrig oder 3D Druck files für ein Mitel 612d?
Danke
#help #dect #eventphone

Round two in our fun game: "slop or not?"

(In here, the report is a rewrite of our previous published CVE in a way that I strongly suspect was done by an AI.)

https://hackerone.com/reports/2912277

#curl #hackerone

Merry fucking Christmas from Palo Alto Networks (Zero-Day): CVE-2024-3393 PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet
CVE-2024-3393 (CVSSv4: 8.7 high) A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.

Palo Alto Networks is aware of customers experiencing this denial of service (DoS) when their firewall blocks malicious DNS packets that trigger this issue.

#zeroday #eitw #activeexploitation #vulnerability #paloaltonetworks #cve #CVE_2024_3393 #christmas

Is there a reason why #Rust is so minimalist with keywords? For example the `if let` syntax is completely unreadable to me.

Also, things like `&_` make googling for errors practically impossible.

In case if anyone is looking for them, #38c3 streams are here:

https://streaming.media.ccc.de/38c3

In 50 minutes I’ll present some awesome hardware hacking on Apple’s new USB-C controller at #38c3 - would love to see you there!

Remark concerning #Azerbaijan #Airlines #Flight #8243:

We would do well to remember the names of the pilots who died.

They fought for over an hour with a mortally wounded plane to get it as good as possible to the ground.

They had now yaw, no rudder, no ailerons, no flaps, only the power level of the engine as means of control.

Air Traffic Control denied them the use of the closest airports and sent them to cross a sea.

What they have shown is courage in the face of insurmountable odds. They knew exactly what their chances were. Their airmanship was on the highest possible level.

Their names are Igor Kshnyakin and Aleksandr Kalyaninov.

To the media: please don’t give any airtime to the obviously disinformation spreading speaker of the Kremlin and report about those who saved 29 lives.