One of the most lucid breaks I've seen in a while https://github.com/MorteNoir1/virtualbox_e1000_0day
https://arstechnica.com/information-technology/2018/10/bug-in-libssh-makes-it-amazingly-easy-for-hackers-to-gain-root-access/ https://www.libssh.org/security/advisories/CVE-2018-10933.txt
https://justi.cz/security/2018/09/13/alpine-apk-rce.html
https://semmle.com/news/apache-struts-CVE-2018-11776
Routing Around Nation-States: Overlays and Measurements https://ransom.cs.princeton.edu/
http://www.openwall.com/lists/oss-security/2018/08/15/5 http://www.openwall.com/lists/oss-security/2018/08/24/1
https://www.theregister.co.uk/2018/08/14/intel_l1_terminal_fault_bugs/ https://lwn.net/Articles/762570/
https://misc0110.net/web/files/netspectre.pdf
https://www.kb.cert.org/vuls/id/304725
https://arxiv.org/abs/1807.05843
https://johansen.software/github-xp/
https://www.spinics.net/lists/linux-crypto/msg33291.html
I wonder how long before Rowhammer-style attacks make their way to networking equipment... https://www.cs.vu.nl/~herbertb/download/papers/throwhammer_atc18.pdf
A broken embargo, and lots of finger pointing. Security is awesome! https://efail.de/
https://arxiv.org/pdf/1805.04956.pdf
http://rachelbythebay.com/w/2018/04/05/bangpatch/
(from the lzip format author) https://www.nongnu.org/lzip/xz_inadequate.html
This of course is sad because we software developers are among the few people who are able to understand the strengths and weaknesses of formats. We have a moral duty to choose wisely the formats we use because everybody else will blindly use whatever formats we choose.
https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/
As such, the Internet has a non-zero momentary data storage capacity. It is possible to push out a piece of information and effectively have it stored until echoed back. By establishing a mechanism for cyclic transmission and reception of chunks of data to and from a number of remote hosts, it is possible to maintain an arbitrary amount of data constantly `on the wire', thus establishing a high-capacity volatile medium.
http://lcamtuf.coredump.cx/juggling_with_packets.txt
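An added example (not code from lcamtuf's paper): a discrete-time model of the juggling loop described above. Each host is a constructed echo service with an assumed RTT and an assumed in-flight window; a chunk is re-sent the moment its echo lands, so the only copy of the data is the one on the wire, and a read is just "wait one RTT and collect the echoes". Capacity is the bandwidth-delay product summed over hosts, and a host that stops echoing (echoes: false) loses its chunks, which is the failure mode a real implementation has to cover with redundancy.

```javascript
// Constructed simulation of parasitic "on the wire" storage.
// Hosts, RTTs and windows are assumed values, not measurements.
class WireStorage {
  // hosts: [{ name, rttTicks, window, echoes }]
  //   rttTicks - ticks until an echo of a chunk sent now comes back
  //   window   - bytes the host will hold in flight for us at once
  //   echoes   - false models a host that silently drops our packets
  constructor(hosts) {
    this.hosts = hosts;
    this.now = 0;
    this.nextSeq = 0;
    // The wire itself: { host, chunk, seq, arrivesAt } for every echo pending.
    this.inFlight = [];
  }

  // Bandwidth-delay product of the host set: the most we can keep in flight.
  capacity() {
    return this.hosts.reduce((sum, h) => sum + h.window, 0);
  }

  bytesInFlight(host) {
    return this.inFlight
      .filter(p => p.host === host)
      .reduce((sum, p) => sum + p.chunk.length, 0);
  }

  send(host, chunk, seq) {
    this.inFlight.push({ host, chunk, seq, arrivesAt: this.now + host.rttTicks });
  }

  // Split data into chunks and push each one out to a host with window left.
  // Nothing is kept locally afterwards; only the echoes carry the data.
  store(data, chunkSize) {
    if (data.length > this.capacity()) {
      throw new Error("data exceeds the bandwidth-delay capacity of the host set");
    }
    for (let off = 0; off < data.length; off += chunkSize) {
      const chunk = data.slice(off, off + chunkSize);
      const host = this.hosts.find(h => this.bytesInFlight(h) + chunk.length <= h.window);
      if (!host) throw new Error("no host has window left for the next chunk");
      this.send(host, chunk, this.nextSeq++);
    }
  }

  // Advance one tick. Every echo that lands is re-sent immediately so the
  // chunk stays on the wire; the landed echoes are returned to the caller.
  tick() {
    this.now += 1;
    const landed = this.inFlight.filter(p => p.arrivesAt <= this.now);
    this.inFlight = this.inFlight.filter(p => p.arrivesAt > this.now);
    const received = [];
    for (const p of landed) {
      if (p.host.echoes === false) continue; // dropped by the host: gone for good
      received.push(p);
      this.send(p.host, p.chunk, p.seq);
    }
    return received;
  }

  // Read the stored data back: wait at most one full RTT for every chunk's
  // echo. Returns null if any chunk never comes back.
  recall() {
    const total = this.nextSeq;
    const got = new Map();
    const deadline = this.now + Math.max(...this.hosts.map(h => h.rttTicks)) + 1;
    while (got.size < total && this.now < deadline) {
      for (const p of this.tick()) got.set(p.seq, p.chunk);
    }
    if (got.size < total) return null;
    return [...got.keys()].sort((a, b) => a - b).map(k => got.get(k)).join("");
  }
}

// Constructed demo: two echoing hosts, data read back twice (reading does
// not consume it), then a non-echoing host that loses everything.
function demo() {
  const ws = new WireStorage([
    { name: "echo-a", rttTicks: 3, window: 8 },
    { name: "echo-b", rttTicks: 5, window: 8 },
  ]);
  ws.store("hello wire", 4);
  const first = ws.recall();
  const second = ws.recall();
  const dead = new WireStorage([{ name: "sink", rttTicks: 2, window: 8, echoes: false }]);
  dead.store("abc", 3);
  return { first, second, lost: dead.recall(), capacity: ws.capacity() };
}
```

The model ignores jitter and reordering; in the real scheme each echo's arrival time drifts, which is why the paper talks about a continuous cyclic loop rather than a fixed schedule.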
Paper (PDF) An exploitation chronomancer is one who is capable of divining the best time to exploit something based on the alignment of certain bytes that occur naturally in a process' address space
https://github.com/UnaPibaGeek/ctfr
Because the computer is always right. Only a matter of time before there's malware hidden in the next pop hit. https://nicholas.carlini.com/code/audio_adversarial_examples/
https://www.theregister.co.uk/AMP/2018/02/06/openvms_vulnerability/
http://www.brendangregg.com/blog/2018-02-09/kpti-kaiser-meltdown-performance.html https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/
Spectre Mitigations in Microsoft's C/C++ Compiler
Intel Analysis of Speculative-Execution Side Channels (PDF)
AMD Indirect Branch Control Extension (PDF)
Throw out all your computers. Again.
Intel CPU Design Flaw
Meltdown and Spectre attack
Reading privileged memory with a side-channel
AMD processors unaffected
Apple deals with KPTI with DoubleMap
As expected, Intel's CEO dumps his stock
Retpoline
Theo de Raadt talking about Intel flaws back in 2007
This is the tale of a macOS-only vulnerability in IOHIDFamily that yields kernel r/w and can be exploited by any unprivileged user.
https://siguza.github.io/IOHIDeous/
https://blog.avast.com/avast-open-sources-its-machine-code-decompiler
It has been X days since the last TLS disaster https://robotattack.org/
https://www.microsoft.com/en-us/quantum/development-kit Writing a Quantum Program
https://imgur.com/gallery/DZRTr
Dude destroys tons of equipment, points out internet is broken. http://archive.is/PQAnU
Amazingly, the ISP didn't try to cover up the outage as some kind of network issue, power spike or a bad firmware upgrade. They didn't lie to their customers at all. Instead, they promptly published a press release about their modems having been vulnerable which allowed their customers to assess their potential risk exposure. What did the most honest ISP in the world get for its laudable transparency? Sadly it got little more than criticism and bad press. It's still the most depressing case of 'why we can't have nice things' to me, and probably the main reason for why 99% of security mistakes get covered up and the actual victims get left in the dark. Too often 'responsible disclosure' simply becomes a euphemism for 'coverup.'
Like shorting the market, but funnier https://sendcryptopeopletulips.com/
https://arxiv.org/abs/1708.05207 http://www.labsix.org/physical-objects-that-fool-neural-nets/ https://cvdazzle.com/ http://dismagazine.com/dystopia/evolved-lifestyles/8115/anti-surveillance-how-to-hide-from-machines/
Turns out there's a lot of garbage hidden on CPUs these days. Work is underway to defang the nastiness https://www.networkworld.com/article/3236064/servers/minix-the-most-popular-os-in-the-world-thanks-to-intel.html https://schd.ws/hosted_files/osseu17/84/Replace%20UEFI%20with%20Linux.pdf
VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the VMNAT device. This issue may allow a guest to execute code on the host.
https://www.vmware.com/ca/security/advisories/VMSA-2017-0018.html
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
If it's been on a random cellphone for a few months, and real users used it, and had facebook and candy crush running on it, that's a pretty different deal.
https://lkml.org/lkml/2017/11/21/356 http://lkml.iu.edu/hypermail/linux/kernel/1711.2/01701.html
I honestly have no words for how dumb this is.
http://www.theregister.co.uk/2017/11/28/root_access_bypass_macos_high_sierra/
fix: sudo passwd -u root (set a root password) or dsenableroot -d (disable the root account)
It turns out having 20+ Markdown implementations with no spec is a bad idea. Let's see how long before there's a competing spec ;-) http://commonmark.org/
Wouldn't it be nice if we stopped writing critical system services in C? Nah. https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/
An older one, but a great read. https://www.wired.com/2016/06/demonically-clever-backdoor-hides-inside-computer-chip/
http://queue.acm.org/detail.cfm?id=1563874
"In designing applications to handle ever-increasing amounts of data, developers would do well to remember that hardware specs are improving too, and keep in mind the so-called ZOI (zero-one-infinity) rule, which states that a program should “allow none of foo, one of foo, or any number of foo.” That is, limits should not be arbitrary; ideally, one should be able to do as much with software as the hardware platform allows."
"... big data should be defined at any point in time as “data whose size forces us to look beyond the tried-and-true methods that are prevalent at that time.”
WPA2 is broken, hum-de-dum https://www.krackattacks.com/ https://github.com/vanhoefm/krackattacks
https://arstechnica.com/information-technology/2017/09/bluetooth-bugs-open-billions-of-devices-to-attacks-no-clicking-required/ http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf
It turns out most Bluetooth stacks are terrible.
https://twitter.com/rob_pike/status/907164275965255685 http://cva.stanford.edu/classes/cs99s/papers/myer-sutherland-design-of-display-processors.pdf
https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html
http://ispras.linuxbase.org/index.php/ABI_compliance_checker
Black Hat presentation https://github.com/xoreaxeaxeax/sandsifter
https://research.google.com/pubs/pub46359.html
To our surprise, we find that more than half of errors are caused by client-side or network issues instead of server misconfigurations.
https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/tang
http://www.nbu.gov.sk/skcsirt-sa-20170909-pypi/
CVE-2017-9798 https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html
http://blog.talosintelligence.com/2017/09/fin7-stealer.html What makes this one interesting is the obfuscation techniques
The function body of the evaluated JavaScript appears to be within a multi-line comment; however, in reality this is evaluated as a multi-line string.
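An added example (not code from the Talos write-up or from the FIN7 sample) of the trick the quote describes: Function.prototype.toString() returns a function's source text with its comments intact, so a block comment inside an otherwise empty function body is really a multi-line string that a tiny loader can slice out and eval. The carrier function and the sample script below are constructed stand-ins carrying harmless code; the detection heuristic at the end is an assumption about what such loaders look like, not a rule from the report.

```javascript
// Constructed carrier: looks like a commented-out function, but the comment
// text is the payload. A real sample would carry the next stage here.
function carrier() {/*
var greeting = "hello";
greeting + ", world";
*/}

// Recover the text between the first "/*" and the last "*/" of a function's
// source. This is the whole "decryption" step of the technique.
function extractCommentPayload(fn) {
  const src = Function.prototype.toString.call(fn);
  const start = src.indexOf("/*");
  const end = src.lastIndexOf("*/");
  if (start === -1 || end === -1 || end < start) {
    return null; // no block comment in the body: nothing hidden here
  }
  return src.slice(start + 2, end).trim();
}

// What the loader does next. Indirect eval runs the string in global scope and
// returns the completion value of its last expression, which is what the
// caller gets back here.
function runHiddenPayload(fn) {
  const code = extractCommentPayload(fn);
  if (code === null) return undefined;
  return (0, eval)(code);
}

// Constructed sample script in the shape a scanner would see on disk:
// an empty-bodied function holding a comment, then toString() and eval().
const SAMPLE_SCRIPT =
  'function a(){/*\nWScript.Echo("stage two");\n*/}\n' +
  'eval(a.toString().split("/*")[1].split("*/")[0]);';

// Assumed detection heuristic: a function whose body is nothing but a block
// comment, combined with a toString() call on a function somewhere in the
// same script. Either alone is common in benign code; together they are the
// signature of this carrier pattern.
const COMMENT_ONLY_BODY = /function\s*\w*\s*\([^)]*\)\s*\{\s*\/\*[\s\S]*?\*\/\s*\}/;
const TOSTRING_CALL = /\.toString\s*\(/;

function hasCommentCarrier(source) {
  return COMMENT_ONLY_BODY.test(source) && TOSTRING_CALL.test(source);
}
```

Minifiers strip comments, so a loader written this way only works on the unminified file it ships in, which is one reason the pattern stands out in a script that is otherwise heavily obfuscated.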
https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt