A new persistent thread that has gone ignored by everyone for a decade has finally been publicized: http://seclists.org/oss-sec/2017/q2/616
# Jun 27, 2017 14:41
How is a failure not a bug?
# Jul 2, 2017 08:16
In what can only be described as the least shocking turn of events since water was discovered to be wet, AMD/ARM TrustZone turns out to not be much better than Intel ME.
# Jul 26, 2017 10:42
https://twitter.com/JennaMagius/status/891434286212984832
# Jul 30, 2017 22:34
"Anyone got a kronos sample?" --@MalwareTechBlog, 13 Jul 2014
# Aug 3, 2017 21:56
Cowboy Mark posted:
> Software they are trying to use (CuteFTP I think) is so outdated all of the ciphers are disabled by default in Ubuntu 16.

# Sep 2, 2017 13:49
My apologies, I misread it. Thought it was about an outdated ftp client not sshd. Although it's technically possible to send files over ssh, it's a lot easier to use scp.
# Sep 2, 2017 18:32
RFC2324 posted:
> scp is ssh. That is HOW you send files over ssh in a unix to unix transfer. For sending from a windows box sftp is usually easier to get going, in so far as modern ftp clients will automagically use it if you tell them to connect on port 22 instead of 21.

I was talking about piping standard streams through ssh, like you do with zfs send | receive - because I'd just been doing that to back up stuff, and it reminded me that you could theoretically do that.

# Sep 3, 2017 09:25
Subjunctive posted:
> I took many a snapshot backup of a project via `tar czf - dir/ | ssh host "cat > backup.tar.gz"`

So it turns out I'm actually just a stupid-head.

# Sep 3, 2017 12:23
Sending zfs bytestreams over ssh seems like a perfect piece of SSH trickery to me, if the boxes serve as backup for each other in case of catastrophic hardware failure, and both happen to run some form of ZFS.
# Sep 3, 2017 20:27
RFC2324 posted:
> It seems like something that would be more efficiently solved in another way, to me. One of those 'can we do things in a sane reliable engineered way, or come up with some wacky ssh solution?' situations. For one, if those boxes serve as backups for each other (you mean clustered, right?) wouldn't you want them to have a shared backing datastore?

In this situation, a friend and I have agreed to serve as additional backup (in addition to whatever other backup solutions we use; I have SpiderOak and an off-line disk - dunno what he uses) for each other, for stuff that's not private but is nevertheless stuff that we'd like to keep even if our houses spontaneously burst into flames, and not have to restore from cloud since +5TB has a habit of taking a rather long time. We use zfs send | receive, ssh and mbuffer to transfer between each of our servers, after the initial backup which was done at a LAN party. The incremental reverse-delta nature of ZFS snapshots ensures that only changed data at the byte level, as well as any new data, is actually transferred, which means it's even faster than if rsync were being used (because that works at a file level). All that being said, I've also seen it used for fail-over in case of disaster recovery for actually-critical data, which is where I got the idea.

# Sep 4, 2017 12:39
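The two posts above describe the same pattern: a producer (`tar czf -` or `zfs send`) writes a byte stream that is piped through `ssh host` into a consumer (`cat > file` or `zfs receive`). The thing a practitioner wants on top of the bare pipe is proof that the bytes which landed on the far side are the bytes that left, since a dropped connection or a full disk on the receiver silently leaves a truncated backup behind. The shell function below is an added example, not code from the thread or any of its posters: it streams a tar archive through an arbitrary transport command and checksums the stream independently at both ends. `tar` stands in for `zfs send` (which needs a ZFS pool), `sh -c` stands in for `ssh backuphost` so it can be exercised locally, and `sha256sum` is assumed to exist on both ends; the `stream_backup` name, its arguments and the hostname are all constructed for the example.

```shell
# Added example (not from the thread): stream an archive of SRC_DIR through
# TRANSPORT (e.g. "ssh backuphost") so the receiver writes DEST, and verify
# that the receiver's checksum of what it wrote matches the sender's checksum
# of what it emitted. Returns 0 only when the two checksums agree.
stream_backup() {
    src_dir=$1
    transport=$2   # "ssh backuphost" in real use; "sh -c" runs the receiver locally
    dest=$3        # path on the receiving side (must not contain a single quote)

    # The sender's checksum is taken from a fifo that tee feeds a copy of the
    # stream into, so the archive never has to be spooled to local disk.
    fifo=$(mktemp -u) || return 1
    mkfifo "$fifo" || return 1
    sent_sum_file=$(mktemp) || return 1
    sha256sum < "$fifo" | cut -d' ' -f1 > "$sent_sum_file" &

    # Archive relative to the parent directory so the archive holds
    # "proj/..." rather than absolute paths.
    parent=$(dirname "$src_dir")
    name=$(basename "$src_dir")

    # The receiving side tees the stream into DEST and prints the checksum of
    # exactly the bytes it wrote; that is what gets captured here.
    recv_sum=$(tar cf - -C "$parent" "$name" \
        | tee "$fifo" \
        | $transport "tee '$dest' | sha256sum | cut -d' ' -f1")

    wait                        # let the local checksum finish
    sent_sum=$(cat "$sent_sum_file")
    rm -f "$fifo" "$sent_sum_file"

    if [ -n "$sent_sum" ] && [ "$sent_sum" = "$recv_sum" ]; then
        echo "ok $sent_sum"
        return 0
    fi
    echo "checksum mismatch: sent '$sent_sum' received '$recv_sum'" >&2
    return 1
}
```

With `ssh backuphost` as the transport the receiver-side command runs on the remote box, so the comparison covers the network hop as well as the remote write. The same structure carries over to `zfs send -i old@snap new@snap | ... | ssh host zfs receive pool/ds` if the receiver command is changed to `tee >(zfs receive ...)`-style fan-out on a shell that supports it; the point the example makes is the independent checksum on each side, not the archiver.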
EVIL Gibson posted:
> Sure. I get you, but understand that it isn't normal to use a backup as, or as part of, a live environment except for the times it needs to be talked to when backing up things.

Believe me, I'd love to not have had a cancer diagnosis and to have been able to find a job so that I could do things in a more sane way, but that's not how things turned out.

# Sep 4, 2017 17:39
The sysinternals suite needs to be known by more people.
# Sep 20, 2017 11:20
Furism posted:
> Some VM escape vulnerability just patched by VMWare: https://nakedsecurity.sophos.com/2017/09/21/critical-vmware-vulnerability-patch-and-update-now/

# Sep 22, 2017 15:12
I've heard of browsers that seemingly slow a computer to a crawl, but putting a buttcoin miner in an extension is a new high (or low). The author claims that there "has been a hack", but the extension hasn't actually been updated for over a month, so something doesn't quite add up.
# Sep 23, 2017 22:09
anthonypants posted: It's not even new. https://www.youtube.com/watch?v=vI3GRCgThxE

# Sep 24, 2017 15:25
Furism posted:
> So these guys wrote a paper (PDF) explaining how to exfiltrate data from the IR leds of IP cams. Bit rate is low (20 bps) but it's better than nothing.

I guess it's an evolution of the same thing somebody else presented at Black Hat Europe in 2015 (iirc) where they used the light from hacked printers/scanners to achieve the same (although less discreetly, obviously).

# Sep 25, 2017 10:34
He is an OpenBSD developer, after all.

EDIT: I just realized that that might come off as dismissive, which it isn't intended to be. What I mean is: it is implicit that when you use OpenBSD, you trust OpenBSD's developers not to intentionally back-door their software and to do everything in their power to try and keep the software bug-free. In that sense, it makes sense to me for Ted to say that you should trust him signing his own certificates.

BlankSystemDaemon fucked around with this message at 19:32 on Sep 25, 2017

# Sep 25, 2017 19:22
CLAM DOWN posted:
> Instagram does have sms 2fa you can opt in

# Oct 7, 2017 22:46
I quite like 'pass' - it runs on most Unix-likes, and has clients with UIs for the systems that it doesn't run on.

Not-quite-ninja edit: Whoops, accidentally linked to the FreeBSD manpage; the project actually has its own website here.

BlankSystemDaemon fucked around with this message at 15:10 on Oct 9, 2017

# Oct 9, 2017 15:08
Endless Septemper keeps on giving: A critical vulnerability has been identified in TPM 1.2 and 2.0.
# Oct 11, 2017 14:44
And the best part is that the two updates Microsoft have published for the issue apparently cannot co-exist, since a lot of machines have been breaking, with the only fix being to remove KB4041691 with dism.exe.

orange sky posted:
> I can't wait for SSL's, it's gonna be glorious

# Oct 11, 2017 15:07
So... Endless Septemper isn't over yet: Something "big enough that you may have to replace all your access points", which will be covered in a paper entitled "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2", and which is related to the problems with the 4-way handshake that were demonstrated at DEFCON using a man-in-the-middle attack against an OpenBSD client, is about to be released in less than 24 hours, so keep an eye out for CVE-2017-13077, 13078, 13079, 13080, 13081, 13082, 13084, 13086, 13087, 13088.

BlankSystemDaemon fucked around with this message at 21:39 on Oct 15, 2017

# Oct 15, 2017 21:34
anthonypants posted:
> Even so, it would be really nice if there were some method of defense from the client side, otherwise you're not going to be able to connect to a Starbucks' or a hotel's wifi network until WPA3.

# Oct 16, 2017 09:08
IPsec can actually be astonishingly fast even on relatively old hardware. Some benchmarks done on FreeBSD 11.0 show that on a Xeon L5630 from 2010, IPsec does ~850Mbps whereas OpenVPN manages a respectable ~547Mbps. These benchmarks were done before IPsec was moved into a kernel module (instead of being statically compiled into the config, in addition to which NAT-T was added), plus the network stack, opencrypto and other parts have seen quite a bit of speed improvements since, so IPsec may be approaching or topping gigabit linespeed on more modern hardware.

EDIT: Don't let a small CPU discourage you from using a VPN if you're on a hotspot; even an APU2 with a 1GHz quad-core AMD can manage ~350Mbps.

BlankSystemDaemon fucked around with this message at 21:54 on Oct 20, 2017

# Oct 20, 2017 21:44
Endless September still hasn't completely given up the ghost? It's going out with a 10.0 on CVSS v3 for CVE-2017-10151 affecting Oracle Identity Manager.

Never mind, it's not clear that this dates from back in September like I thought. Still, 10.0s don't come around every day.

BlankSystemDaemon fucked around with this message at 00:19 on Nov 2, 2017

# Nov 2, 2017 00:10
That sounds like the kind of Fun you get in Dwarf Fortress.
# Nov 2, 2017 17:17
If you're like me in that you're fascinated by how exploits get used, and have got time to spare, have a read on how CVE-2017-5123 for Linux can be used to go from RCE to privilege escalation even through the Chrome sandbox. There's a slight bonus in that it apparently resulted in grsecurity, not exactly known to be angels, causing (mostly internal) drama by publicly calling his commit bit into question.

BlankSystemDaemon fucked around with this message at 00:25 on Nov 7, 2017

# Nov 7, 2017 00:21
anthonypants posted:
> If you like reading up on securing C code from a guy who isn't exactly known to be an angel, here's Theo de Raadt in 2015 talking about an exploit mitigation technique used by OpenBSD:

However, at this point I feel like I have pretty exhaustive knowledge from spending time over beer discussing the strengths and demerits of Pledge (OpenBSD only), CloudABI (FreeBSD and Linux), Capabilities (FreeBSD + Google-derived Linux?), and Seccomp (Linux-only), and aside from favoring Capabilities with Capsicum (especially because, aside from never being able to escape the sandbox by using execv(2) like Pledge, they can be hardware-enforced, as CheriBSD, a fork of FreeBSD that's worked on at Cambridge, demonstrates), I mostly wish everyone would agree to one form of sandboxing, as I feel that that's one of the only ways we're ever going to manage it properly.

BlankSystemDaemon fucked around with this message at 15:07 on Nov 7, 2017

# Nov 7, 2017 13:07
anthonypants posted:
> Literally the only other thing you could be talking about is this, but that requires a Go interpreter and not Linux.

If anyone's gonna throw any real meaningful numbers around, I expect to see both Linux and FreeBSD benched with dtrace down to nano-second time-scale, and preferably in a published paper with an associated glamour name to hype it up, because why the gently caress not.

Meanwhile, I'm not sure how I feel about a public DNS server making decisions on how requests should be handled with respect to adware, malware and other stuff. It's one thing for me to use void-zone-tools with unbound on my local network, but entirely another for a public server to decide what should be done about it - but maybe that's because I live in a country with actual DNS censorship implemented at ISP level (in Denmark, it's technically not enforced, but because its first incarnation was so successful, it's now used to block everything from thepiratebay to shady pharmaceuticals), so I'm sort of in the mindset that public DNS servers should not try to block anything for any reason.

BlankSystemDaemon fucked around with this message at 01:04 on Nov 18, 2017

# Nov 18, 2017 00:13
Apple apparently has to issue yet another fix for passwordless root. It also happened to Linux a few days ago, where the patch to fix Dirty COW had its own CVE issued.

BlankSystemDaemon fucked around with this message at 11:08 on Dec 2, 2017

# Dec 2, 2017 11:04
lolit Reply is not edit
# Dec 2, 2017 11:08
It bears mention that the person who posted it on Twitter wasn't the first to have found/posted about it on Twitter, let alone on the broader internet, as there was a post about it on Apple's own support forum a lot earlier. So either Infosec Taylor Swift is referring to something else, or is too busy with hot takes that are quickly turning luke-warm to let facts bother them.

# Dec 4, 2017 15:27
So now we play the waiting game?

BlankSystemDaemon fucked around with this message at 12:01 on Dec 9, 2017

# Dec 9, 2017 11:52
It leaves a pretty sour taste even in my mouth - and I didn't make a business around it. I imagine she's feeling downright acerbic.
# Dec 9, 2017 12:48
Subjunctive posted:
> Isn’t TPM supposed to be resilient against altered BIOS?

Intel also uses it as part of LaGrange which hooks into

EDIT: It wasn't Vanderpool itself that was flawed, but sandsifter did manage to find at least one enterprise hypervisor that handled an opcode wrong, so who knows how many others there are and how easy it is to execute instructions outside the hypervisor.

BlankSystemDaemon fucked around with this message at 16:41 on Dec 9, 2017

# Dec 9, 2017 16:35
Furism posted:
> I guess it's InfoSec related. I just discovered WireGuard, a kind-of replacement for IPSEC (it operates at layer 3 like IPSEC, not at layer 6 like OpenVPN). The whitepaper is pretty good and the tech seems solid. There are rumors it'll make it into the Linux Kernel in the coming two years. The best difference with IPSEC is that the configuration file is like 6 lines (compare that to the nightmare that is StrongSwan, because ISAKMP/IKE is so complex).

However, let's assume for a second that the implementation passes muster - there's still the same blocker for any and all VPN technologies, namely client OS adoption. IPsec can be relied on to be available basically everywhere, and with NAT-T and ESP (defaults to aes128-sha256 on FreeBSD; anything supplied by crypto(9) can be used) there are very few places where you can't use it. Plus, if you throw L2TP into the mix, there's basically nothing you can't use it for. OpenVPN, WireGuard, and anything else requiring additional client software limits deployability, doesn't necessarily carry all traffic, and there are networks where it won't be usable.

# Dec 13, 2017 12:44
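For reference, the "like 6 lines" configuration the quoted post refers to looks like the following. This is an added example, not a file from the thread, from WireGuard's own documentation, or from either poster: the key strings, addresses, port and hostname are placeholders, and the two files are shown in one block only for side-by-side reading. The security-relevant knob is `AllowedIPs`: in WireGuard it is not just a route but the cryptokey routing table, so a packet that decrypts under a peer's key is dropped unless its inner source address falls within that peer's list, and only traffic to those addresses is ever sent to that peer.

```ini
# --- server: /etc/wireguard/wg0.conf (placeholder values) ---
[Interface]
PrivateKey = <server-private-key-from-wg-genkey>
Address = 10.8.0.1/24
ListenPort = 51820

# One [Peer] stanza per client. The /32 means this key may only speak as
# 10.8.0.2; a client that forges another tunnel address is silently dropped.
[Peer]
PublicKey = <client-public-key>
AllowedIPs = 10.8.0.2/32

# --- client: /etc/wireguard/wg0.conf (placeholder values) ---
[Interface]
PrivateKey = <client-private-key-from-wg-genkey>
Address = 10.8.0.2/32

# 0.0.0.0/0 sends all IPv4 through the tunnel (the hotspot use case from the
# thread). Narrowing it to 10.8.0.0/24 would make this a split tunnel, which
# is the "doesn't necessarily carry all traffic" caveat in the reply above.
[Peer]
PublicKey = <server-public-key>
Endpoint = vpn.example.net:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
```

A quick sanity check on a deployment is that the server's per-peer `AllowedIPs` entries are disjoint and no wider than the address each client was assigned; a server-side `0.0.0.0/0` on a peer would let that one client inject packets with any source address into the tunnel network.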
Someone figured out how to handle password leaks.
# Dec 28, 2017 17:50
2018 is off to a great start, with at least one theory that it's a priv-esc exploit against hypervisor(s) like the ones being used by Amazon and Google.
# Jan 1, 2018 19:54
In the good tradition of PoC||STFU, here's some PoC: "no page faults required, massaging everything in/out-of the right cache seems to be the crux".
# Jan 3, 2018 17:54