Lightnews — Scholar-powered news

cicada 👺👺👺

@tengusec.tokyo

I guess this site got popular?

November 28, 2024 at 7:19 AM

Reposted by cicada 👺👺👺

Filippo Valsorda

@filippo.abyssdomain.expert

I'm watching some folks reverse engineer the xz backdoor, sharing some *preliminary* analysis with permission.

The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system().

It's RCE, not auth bypass, and gated/unreplayable.

Filippo Valsorda @filippo.abyssdomain.expert · Mar 29

This might be the best executed supply chain attack we've seen described in the open, and it's a nightmare scenario: malicious, competent, authorized upstream in a widely used library.

Looks like this got caught by chance. Wonder how long it would have taken otherwise.

Filippo Valsorda @filippo.abyssdomain.expert · Mar 29

Woah. Backdoor in liblzma targeting ssh servers.

www.openwall.com/lists/oss-se...

It has everything: malicious upstream, masterful obfuscation, detection due to performance degradation, inclusion in OpenSSH via distro patches for systemd support…

Now I’m curious what it does in RSA_public_decrypt

March 30, 2024 at 5:13 PM

cicada 👺👺👺

@tengusec.tokyo

January 7, 2024 at 11:32 PM

Reposted by cicada 👺👺👺

NetBlocks

@netblocks.org

⚠️ Confirmed: Metrics show that connectivity has collapsed on leading #Ukraine internet operator Kyivstar, as the company reports that it is facing a 'powerful' cyberattack; the incident affecting fixed-line and mobile services is ongoing at the present time 📉

December 12, 2023 at 12:35 PM

cicada 👺👺👺

@tengusec.tokyo

New blog post is up

open.substack.com/pub/tengusec...

Exploit Microsoft DHCP Servers in AD Domains to Spoof DNS Records

No auth required

open.substack.com

December 10, 2023 at 5:54 AM

cicada 👺👺👺

@tengusec.tokyo

archive.org/details/Snea...

Sneakers Computer Press Kit : Universal City Studios : Free Download, Borrow, and Streaming : Intern...

Released in conjuction with the computer hacking movie Sneakers (1992), this floppy-based computer press kit contained many of the aspects of regular movie...

archive.org

December 10, 2023 at 5:10 AM

Reposted by cicada 👺👺👺

Timothy Burke

@bubbaprog.xyz

So I paid Google a lot of money for a long time for a plan that included unlimited storage. They then unilaterally ended that plan, but assured me my data would remain safe—just in read-only mode.

Today they informed me I have seven days to move the entire archive offsite. It's 150 TB.

Your Google Workspace Enterprise Standard for your account burke-communications.com has been scheduled for suspension and will soon be canceled, and your data will be lost

Hello,

We’ve noticed that your account burke-communications.com has been using more storage than currently available to you. For this reason we placed your account in a “read-only” state. Learn more about what happens when you exceed storage limits.

Because you have not taken the necessary steps to free up or get more storage, we will suspend your Google Workspace Enterprise Standard subscription in 7 days on December 16, 2023.

If you take no action your Google Workspace Enterprise Standard subscription will be canceled. You can export all your organization's data before the subscription is canceled. You will be notified prior to your subscription being canceled. Once your subscription has been canceled, you will lose all your data and cannot recover it.

Sincerely,
The Google Workspace Team

December 9, 2023 at 5:26 PM

cicada 👺👺👺

@tengusec.tokyo

Please, with C, sell me something!

December 9, 2023 at 6:12 PM

cicada 👺👺👺

@tengusec.tokyo

For someone who wants to visit Shenzhen in the near future, this guide looks awesome!

www.crowdsupply.com/machinery-en...

The New Essential Guide to Electronics in Shenzhen

Everything you need to navigate the world's largest electronics market

www.crowdsupply.com

December 9, 2023 at 5:24 AM

Reposted by cicada 👺👺👺

Randall Munroe

@xkcd.com

The Wrong Stuff xkcd.com/2865

December 9, 2023 at 1:42 AM

cicada 👺👺👺

@tengusec.tokyo

New blog about CSS Exfiltration Techniques

open.substack.com/pub/tengusec...

CSS Data Exfiltration Techniques

For when you can inject HTML/CSS, but that pesky CSP gets in the way...

open.substack.com

December 6, 2023 at 2:40 AM

cicada 👺👺👺

@tengusec.tokyo

Coming soon!

Post time: 1701486310

Exposing the Flaws: Decoding the BLUFFS Attacks on Bluetooth's Secrecy Protocol
An analysis of BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses

open.substack.com/pub/tengusec...

Exposing the Flaws: Decoding the BLUFFS Attacks on Bluetooth's Secrecy Protocol

An analysis of BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses

open.substack.com

December 1, 2023 at 4:21 AM

cicada 👺👺👺

@tengusec.tokyo

Also: update, yo

chromereleases.googleblog.com/2023/11/stab...

Stable Channel Update for Desktop

The Stable channel has been updated to 119.0.6045.199 for Mac and Linux and 119.0.6045.199 /.200 for Windows , which will roll out over th...

chromereleases.googleblog.com

December 1, 2023 at 3:35 AM

cicada 👺👺👺

@tengusec.tokyo

Update, yo

support.apple.com/en-us/HT201222

Apple security releases

This document lists security updates and Rapid Security Responses for Apple software.

support.apple.com

December 1, 2023 at 3:33 AM

cicada 👺👺👺

@tengusec.tokyo

DNS Under Siege: Unraveling the National-Scale Cache Poisoning Threat
An analysis of "TRAP; RESET; POISON - Taking over a country Kaminsky style," authored by Timo Longin and the SEC Consult Vulnerability Lab

open.substack.com/pub/tengusec...