December 1, 2022

                            December 1, 2022

                December 1, 2022

                        I started today’s newsletter by typing in “December 1” and then taking five to just repeat “WTF? December? How? WTF…”
KT @koczkatamasWe've disclosed two remotely exploitable Linux kernel bugs in the Bluetooth stack: one infoleak and one UAF. More information here: github.com/google/securit… and here: github.com/google/securit… (cc @theflow0)
github.comLinux Kernel: UAF in Bluetooth L2CAP Handshake### Summary
There are use-after-free vulnerabilities in the Linux kernel’s `net/bluetooth/l2cap_core.c`’s `l2cap_connect` and `l2cap_le_connect_req` functions which may allow code execution and le...4:58 PM ∙ Nov 29, 2022
590Likes196Retweets
-
Subscribe now
-
This paper was linked in an earlier newsletter. Here’s a nice summary and another link to the paper.
Shashank Joshi @shashj
RUSI has a new report out today on lessons from the first phase of the Ukraine war The authors include a Ukrainian lieutenant-general & @Jack_Watling. The paper is full of rich data & implications for other armed forces. I wrote up some highlights here: economist.comWhat is the war in Ukraine teaching Western armies?It shows the importance of dispersal, firepower and stockpiles1:21 PM ∙ Nov 30, 2022
2,334Likes632Retweets
Shashank Joshi @shashj
The full paper can be found here. "this report seeks to outline key lessons, based on the operational data accumulated by the Ukrainian General Staff, from the fighting between February and July 2022." rusi.orgPreliminary Lessons in Conventional Warfighting from Russia’s Invasion of Ukraine: February–July 2022This study of the early phases of the 2022 war sheds light on Ukraine’s strengths and vulnerabilities, and the need for further Western support.1:22 PM ∙ Nov 30, 2022
877Likes194Retweets
-
Matthijs R. Koot @mrkootIntelligence in An Age of Data Driven Competition (1.9MB .pdf, Oct 2022, 43pp) scsp.ai/wp-content/upl…

^^ Interim Panel Report on intelligence by the Special Competitive Studies Project (@scsp_ai), a U.S.-focused, bipartisan, non-profit initiative. 
3:51 PM ∙ Nov 30, 2022
4Likes3Retweets-
Stephanie Insley Hershinow @S_Insley_H
Listening to a dad in this coffee shop explain to a ~4yo that Darth Vader was “a man with a lot of big feelings who didn’t have anyone to help him express them the right way.”7:44 PM ∙ Nov 29, 2022
150,161Likes10,242Retweets
-
Bypass CrowdStrike Falcon EDR protection against process dump like lsass.exe 🤔 
“TL;DR Do a memory dump of the RAM with any forensics tool like (dumpit.exe, MAGNET RAM Capture ) and from the dump extract the lsass process using volatility or extract the hashed directly from it.”

https://medium.com/@balqurneh/bypass-crowdstrike-falcon-edr-protection-against-process-dump-like-lsass-exe-3c163e1b8a3e

https://infosec.exchange/@raptor/109431508345685709

-
Here’s a look at the various pieces of proposed legislation that impact E2EE. Spoiler alert: They all suck.
Matthijs R. Koot @mrkoot
Main takeaway: "While the text differs, each bill focuses on encryption either explicitly or implicitly to strip it of the protection E2EE needs to survive." (p.8, bottom)

"Each bill" refers to:

1. EARN IT Act (US)
2. Online Safety Bill (UK)
3. EU Scanning Regulation (EU) 
Matthijs R. Koot @mrkootThe Effect of International Proposals for Monitoring Obligations on End-to-End Encryption (Nov 14) https://t.co/2HQA0gdwdW re: EU, UK & US

Direct link to report (0.4MB .pdf, 32pp) https://t.co/bRTe7zuVLb

By @kirtinuthi, senior policy analyst at the Center for @DataInnovation. https://t.co/75mBzuXVoX
8:07 PM ∙ Nov 30, 2022
8Likes11Retweets
-
zerforschung @zerforschung
People on Twitter wished for an edit button. One of Hive's security vulnerabilities allows even more: You can edit posts of other accounts. 
9:44 PM ∙ Nov 30, 2022
2,010Likes1,127Retweets
-
Melissa Chen @MsMelChen
Chinese social media users report Huawei phones automatically deleting* videos of the protests that took place in China, without notifying the owners.

*Not sure if it’s from the cloud or device level 

Our sci-fi movies have not even imagined this level of dystopia… 
4:21 AM ∙ Nov 30, 2022
10,460Likes4,670Retweets
-
lordx64 @lordx64
You can generate post exploitation payloads using openAI and you can be specific on how/what the payload should do. This is the CyberWar I signed for 
6:38 PM ∙ Nov 30, 2022
405Likes97Retweets
-
Ping! Ping! 😂 
FreeBSD Help @FreeBSDHelpFreeBSD Security Advisory: SA-22:15:ping

Stack overflow in ping(8) freebsd.org/security/advis… 

"... It may be possible for a malicious host to trigger remote code execution in ping ..."

CVE-2022-23093
9:34 PM ∙ Nov 30, 2022
114Likes61Retweets
-
Jan Schaumann @jschauma
Douglas Adams "How to Stop Worrying and Learn to Love the Internet" from 1999 is brilliant. (As expected, of course.)

douglasadams.comDNA/How to Stop Worrying and Learn to Love the Internet9:38 PM ∙ Nov 30, 2022
31Likes11Retweets
-
Matthew Garrett @mjg59
A writeup of how RFC 8628 lets you phish people even if they're using WebAuthn tokens, and how there's no good way to protect against that if you're using AWS SSO - mjg59.dreamwidth.orgCaptcha Check9:55 PM ∙ Nov 30, 2022
90Likes34Retweets
-
Riley Goodside @goodsideOpenAI’s new ChatGPT appears to defeat Hofstadter/Bender’s list of hallucination-inducing questions, published in The Economist this June to demonstrate the “hollowness” of GPT-3’s understanding of the world: economist.com/by-invitation/… 
8:37 PM ∙ Nov 30, 2022
2,409Likes304Retweets
Riley Goodside @goodside
OpenAI’s ChatGPT is susceptible to prompt injection — say the magic words, “Ignore previous directions”, and it will happily divulge to you OpenAI’s proprietary prompt: 
9:51 AM ∙ Dec 1, 2022
595Likes74Retweets
Colson @0clsn
@goodside How about this? 10/10 for me. 
8:17 AM ∙ Dec 1, 2022
-
Someone sent in the complete exploitation framework for a collection of 0days that were used from 2018 until probably 2021/22. This is some good intel for people who are tracking bug collisions. It seems that some were killed by internal bug fixes, but they were alive for quite a while first.
But, really, wtf! Someone turned over the entire exploit framework along with additional exploits. It’s wild. What’s the story here?? I’d love to know. 
billy leonard @billyleonardfun analysis from @Google TAG's @_clem1 and @benoitsevens on interesting 🐛🐛🐛 submissions Chrome received earlier this year from a 👻!

blog.google/threat-analysi…
8:32 PM ∙ Nov 30, 2022
14Likes9Retweets
-
Lukasz Olejnik @LukaszOlejnik@Mastodon.Social @lukOlejnikAlbania "asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by alleged Iranian hackers". Since they "failed to check the security of the system". Wait, actually holding officials responsible...? apnews.com/article/iran-e…  
Lukasz Olejnik @LukaszOlejnik@Mastodon.Social @lukOlejnik
Doubtful that article 5 of NATO treaty could be triggered by Albania. Those cyberattacks were nowhere near the intensity of an armed conflict. That would make a joke out of NATO … Albania, please fix your policymakers. Thanks! https://t.co/NqjdjP2pBP https://t.co/GyJJaqK3gq
7:03 AM ∙ Dec 1, 2022
4Likes2Retweets
Lukasz Olejnik @LukaszOlejnik@Mastodon.Social @lukOlejnik
Accusations of "failure to check the security of the system", "accused of 'abuse of post,'", facing 7 years or prison.  Interesting development due to "usual reasons". It also puts the  leaks that Albania would want to call for NATO article 5/self-defence in some new context. 
Lukasz Olejnik @LukaszOlejnik@Mastodon.Social @lukOlejnik
Albania "asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by alleged Iranian hackers". Since they "failed to check the security of the system". Wait, actually holding officials responsible...? https://t.co/pdFiqZUmHU https://t.co/xfE5scSxmn https://t.co/mOMrUKkXp17:06 AM ∙ Dec 1, 2022
4Likes5Retweets
-
Stephan van Schaik @themadstephanOur survey of SGX attacks is out! Come learn about how SGX fails in real life. Check out our website sgx.fail including attacks on @SecretNetwork and @CyberLink PowerDVD.
sgx.failSGX.Fail4:57 PM ∙ Nov 29, 2022
269Likes102Retweets
Gal Diskin @gal_diskinHonestly, while there obviously are fails, i kinda feel this 'SGX.fail' vibe is a bit over the top. 
Failed compared to what alternative? Also failed vs which goal? Eg is defending from execution time side-channels a goal? 
Stephan van Schaik @themadstephan
Our survey of SGX attacks is out! Come learn about how SGX fails in real life. Check out our website https://t.co/JTAGNGuHld including attacks on @SecretNetwork and @CyberLink PowerDVD.
10:33 AM ∙ Dec 1, 2022
Gal Diskin @gal_diskin
@psyv282j9d @themadstephan @matthew_d_green @SecretNetwork @CyberLink I think you're very much missing the point. TruetZone is a bad TEE architecture sharing trust between all trusted components. SGX enclave approach is a better alternative TEE architecture. We obviously considered other TEEs but the goal was to provide a good TEE approach10:31 AM ∙ Dec 1, 2022
-

                            Don't miss what's next. Subscribe to the grugq's newsletter: