Solar Designer
founder. RTs don't imply agreement with points of view.
13,064 Tweets
966 Following
12,659 Followers
Tweets
Solar Designer retweeted
dragosr 8h
Here is something you don't see very often these days. An update to the venerable terminal multiplexer GNU "screen" to fix a 768 byte memory overwrite from an on screen color sequence escape (OSC 49). Probably worth updating. Hat Tip:
Solar Designer retweeted
Andrey Konovalov Jan 29
Implemented a PoC for disabling kernel lockdown on Ubuntu via a keyboard emulated through USB/IP, CC
Solar Designer Feb 2
Replying to @grsecurity
Solar Designer retweeted
Saul Procterm Jan 28
Qualys Security Advisory: LPE and RCE (CVE-2020-7247) in OpenSMTPD, OpenBSD's mail server. Erroneous logic in smtp_mailaddr() which validates user and domain. More details and PoC at: PS: "Did you ever play tic-tac-toe?"
Solar Designer retweeted
Saul Procterm Dec 11
Qualys Security Advisory Team: Local Privilege Escalation in OpenBSD's loader (, CVE-2019-19726). Getting root on default install (i386/amd64), by tweaking the environment variables. Exploit and more details at:
Solar Designer Jan 28
Replying to @RichFelker
Also, doing it in libc would be significantly slower (extra syscalls just for this hardening check).
Solar Designer Jan 28
Replying to @RichFelker
You could do this checking in libc (and the races might not matter, but explaining this gets beyond a tweet) rather than in the kernel, and have it configurable too, but doing it in the kernel ensures all existing binaries built with various libc's and other runtimes are covered.
Solar Designer Jan 28
Replying to @RichFelker
I probably misunderstand you as I'm sure you realize that if you force O_EXCL on every O_CREAT, you'd break (too) many existing uses - and not only directly from C programs and such, but also from scripts. The kernel feature checks the target file's directory and is configurable.
Solar Designer Jan 28
Disclosure/write-up on Linux kernel user-triggerable read-after-free crash or 1-bit infoleak oracle in a userspace security hardening feature of open(2) found/analyzed/fixed by Al Viro (thus effectively by "the vendor"), which I share responsibility for:
Solar Designer retweeted
Stephan van Schaik Jan 27
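The thread above (the O_CREAT/O_EXCL exchange with @RichFelker and the disclosure tweet) is about an in-kernel check on open(2) with O_CREAT, and why the cheaper-sounding fix of forcing O_EXCL is not an option. The following is an added example, not code from the tweets or from the kernel: it plants a symlink where a victim process will create its output file, then tries the victim's open(2) three ways, and finally shows the legitimate open-or-create (append to your own log file) that forced O_EXCL would break. It assumes a Linux or other POSIX system with a writable temporary directory. The sysctl name fs.protected_regular is my identification of the kernel feature the tweets refer to; the tweets do not name it.

```python
"""Added example (not from the thread): what O_EXCL and O_NOFOLLOW change about
O_CREAT, and why forcing O_EXCL on every O_CREAT breaks 'open-or-create' use."""
import errno
import os
import shutil
import tempfile


def _try_open(path: str, flags: int) -> str:
    """Return "OK" if open(2) succeeds (fd closed again), else the errno name."""
    try:
        fd = os.open(path, flags, 0o600)
    except OSError as e:
        return errno.errorcode.get(e.errno, str(e.errno))
    os.close(fd)
    return "OK"


def ocreat_demo() -> dict:
    """Simulate a shared directory where an attacker has planted a symlink at the
    path a victim is about to create, then try the victim's open(2) three ways.
    Also open a file the caller legitimately owns with O_CREAT|O_EXCL, which is
    the case that would break if O_EXCL were forced on every O_CREAT."""
    workdir = tempfile.mkdtemp(prefix="ocreat-demo-")   # constructed scratch dir
    try:
        link = os.path.join(workdir, "output.txt")   # path the victim will write to
        target = os.path.join(workdir, "victim")      # where the attacker points it
        os.symlink(target, link)                      # attacker's planted symlink
        results = {}
        # Plain O_CREAT follows the symlink and creates/truncates the target.
        results["plain"] = _try_open(link, os.O_WRONLY | os.O_CREAT | os.O_TRUNC)
        results["target_created"] = os.path.exists(target)
        # O_EXCL: any existing entry at the path, symlink included, gives EEXIST.
        results["excl"] = _try_open(link, os.O_WRONLY | os.O_CREAT | os.O_EXCL)
        # O_NOFOLLOW: a symlink as the final path component gives ELOOP.
        results["nofollow"] = _try_open(link, os.O_WRONLY | os.O_CREAT | os.O_NOFOLLOW)
        # The cost of forcing O_EXCL: re-opening your own existing file (e.g. a
        # shell's >> redirection) fails with EEXIST too.
        own = os.path.join(workdir, "own.log")
        results["own_file_create"] = _try_open(own, os.O_WRONLY | os.O_CREAT | os.O_APPEND)
        results["own_file_reopen"] = _try_open(own, os.O_WRONLY | os.O_CREAT | os.O_APPEND)
        results["own_file_excl"] = _try_open(own, os.O_WRONLY | os.O_CREAT | os.O_EXCL)
        return results
    finally:
        shutil.rmtree(workdir)


def protected_regular_setting():
    """Value of Linux's fs.protected_regular sysctl (my identification of the
    in-kernel directory check the thread discusses), or None where absent."""
    try:
        with open("/proc/sys/fs/protected_regular") as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None


if __name__ == "__main__":
    for key, value in ocreat_demo().items():
        print(f"{key}: {value}")
    print("fs.protected_regular:", protected_regular_setting())
```

The plain O_CREAT call silently writes through the attacker's symlink; O_EXCL and O_NOFOLLOW both refuse, but O_EXCL also refuses the caller's own existing log file, which is the breakage the tweets warn about. The in-kernel check instead looks at the directory the target sits in (world-writable and sticky, file owned by someone else) and is configurable through the sysctl, so existing binaries and scripts keep working.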
Finally, the disclosure is over! We present CacheOut, a new speculative execution attack to leak data on Intel CPUs via cache eviction despite current mitigations: , Andrew Kwong, Daniel Genkin and
Solar Designer retweeted
VUSec Jan 27
Another day, another embargo and addendum! “New” (not really!) variants of the day: L1D evictions (Fig 6, RIDL paper) or and vector registers or . See . As a bonus: a faster RIDL exploit that leaks a root hash in 4s:
Solar Designer Jan 27
Replying to @sys6x @troyhunt
No, why - this is a common occurrence, especially when cracking hashes from multiple sources at once. Openwall's "all.lst" includes same non-English words in utf-8 and iso-8859-1, or in utf-8 and koi8-r and cp1251 for Cyrillic.
Solar Designer Jan 27
Replying to @sys6x @troyhunt
It depends. To crack (nearly) all of the HIBP hashes, yes, you need inputs in multiple encodings.
Solar Designer Jan 27
Replying to @cnbrkbolat @dinodaizovi and 2 others
Ah, indeed. I expected this would be the case, but ended up misreading. Thanks.
Solar Designer Jan 27
Replying to @dinodaizovi @singe
Do I get it right that the encryption key is encoded in the filename (not surprised), and that filename is stored on WhatsApp servers (am surprised)? So there's effectively no E2E encryption for media, right? Is this consistent with what (lack of) security WhatsApp claims it has?
Solar Designer retweeted
Dino A. Dai Zovi Jan 26
The claim in the FTI forensics report on Bezos’ iPhone that, “due to end-to-end encryption employed by WhatsApp, it is virtually impossible to decrypt the contents of the downloader [.enc file]...” bugged me so much that I coded up how to do it:
Solar Designer Jan 19
Replying to @MGrafnetter @jpgoldberg and 2 others
We have a match: $ echo -n '𝓮𝔁𝓪𝓶𝓹𝓵𝓮' | iconv -t utf16 | dd bs=2 skip=1 status=none | openssl md4 (stdin)= bf5b160e133c84572b9fe664bf4c718a but yes, the Windows password dialog might be receiving the string already as UTF-16, and then is showing the stars like it's UCS-2.
Solar Designer Jan 19
Replying to @0xdea @alanc
BTW, since Solaris is open source, your two advisories are also suitable for oss-security. Please feel free to post them.
Solar Designer Jan 19
Replying to @MGrafnetter @jpgoldberg and 2 others
Thanks. Your two hashes match what I get with: echo -n ... | iconv -t ucs2 | openssl md4 Can you also try 𝓮𝔁𝓪𝓶𝓹𝓵𝓮 and tweet the resulting hash (if any) to check for UCS-2 vs. UTF-16?
Solar Designer Jan 19
Replying to @TychoTithonus @hops_ch and 3 others
Re-processing each leak to identify its encoding(s) is a lot of effort. Besides, it makes some sense to have multiple encodings of the same password in the list if that's how it is in the real life, as this allows for easier matches in the SHA-1 case. But it's trickier with NTLM.