infosec

/infosec985

Discussions about information security and privacy

Hey look, for 10 dollars you can build a malicious RAM module that allows you to pop open TEEs, and have full access to the encrypted memory space:
https://badram.eu/
40% of security leaders said Access Management is their top pain point.

how do you know who needs access to what? and for how long?

https://mayakaczorowski.com/blogs/what-sucks-in-security
Coinbase’s risk models flag VPN usage as a negative sign since attackers always use VPNs, and their recommendation is not to use a VPN when accessing Coinbase.

Thoughts?
https://x.com/mantej/status/1863968648022446246?s=46&t=dO0uo_CgV6MrB7N3NkVjDA
Great opening paragraph.

“It's not often that you find yourself staring at code that few people have ever seen, code that was an important part in bringing down the apartheid system in South Africa, and code that was used for secure communication using one-time pads smuggled into South Africa by a flight attendant on floppy disks.”

http://blog.jgc.org/2024/09/cracking-old-zip-file-to-help-open.html
https://x.com/z0r0zzz/status/1846863605834436697?t=brmSFT-Bex2Ft6MBO68SQQ&s=19
(h/t @z0r0z)

my major gripe w/ "we're optimizing app-level security around a central point of infra" is that it inherently invites neverending oncall employment.

DAO-deployed ENS fixes this.

if we're not pounding this drum, what's the point?
Go update your Firefox now, or you could be drained without even manually signing a transaction.
https://x.com/pcaversaccio/status/1842860274014917115?t=cOMuVIPAML-vOgadU2yN5g&s=19

security is only attainable by going deeper than the typical social/mobile experience.

then again, the issue may be less consistent copycats with sketchy infra, speaking to more of an attention problem.
Anyone think we're going to see NITRO ZEUS as part of all this Iran chaos?

Supposedly an apocalypse level "cyber weapon" designed to destroy all aspects of Iranian Infrastructure as a contingency plan in case they ever get out of hand.

https://en.wikipedia.org/wiki/Nitro_Zeus
They found a way to install a malicious printer remotely and then achieve ACE whenever a print job is sent to that printer. This is actually kind of insane.

Quick Summary:
------
A series of bugs in the CUPS printer discovery mechanism (cups-browsed) and other CUPS components can be chained together to allow remote code execution. This vulnerability affects many GNU/Linux distributions, Google ChromeOS, most BSDs, and possibly other systems.

The exploit chain involves:
cups-browsed discovers a printer via UDP probe or DNS-SD.
It connects to the reported IPP server and fetches properties.
These properties are saved to a temporary PPD file.

FoomaticRIPCommandLine can execute any command, and IPP attributes are never sanitized. The discovery mechanism trusts ANYTHING from *:631 or mDNS.

By returning malicious IPP attributes from a rogue printer server, an attacker can inject malicious commands into the PPD file, giving them ACE.
------
https://gist.github.com/stong/c8847ef27910ae344a7b5408d9840ee1
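A defender-side check for the chain summarized above, added here as an example and not taken from the post or the linked gist: it parses PPD files for the keys that name a shell command or filter CUPS will run for a job, so PPDs that cups-browsed generated from a remote printer's IPP attributes can be reviewed. The key set, the /etc/cups/ppd default and the sample PPD text are my assumptions and constructed input.

```python
import re
from pathlib import Path

# PPD keys whose values CUPS hands to a program: FoomaticRIPCommandLine is a
# shell command line run by foomatic-rip, cupsFilter/cupsFilter2 name the filter
# binary. Assumption: this is the set a reviewer wants surfaced, not an exhaustive list.
EXEC_KEYS = ("FoomaticRIPCommandLine", "cupsFilter", "cupsFilter2")

# PPD entries look like  *Keyword: "value"  and quoted values may span lines,
# so the value group is allowed to cross newlines.
_PPD_ENTRY = re.compile(r'^\*(\w+)\s*:\s*"(.*?)"', re.MULTILINE | re.DOTALL)


def find_exec_keys(ppd_text):
    """Return (key, value) pairs for every entry that names a command or filter."""
    return [(k, v.strip()) for k, v in _PPD_ENTRY.findall(ppd_text) if k in EXEC_KEYS]


def scan_ppd_dir(directory="/etc/cups/ppd"):
    """Map each *.ppd file under `directory` to the exec-type entries it carries."""
    findings = {}
    for path in Path(directory).glob("*.ppd"):
        hits = find_exec_keys(path.read_text(errors="replace"))
        if hits:
            findings[str(path)] = hits
    return findings


# Constructed sample: a minimal generated PPD whose FoomaticRIPCommandLine entry
# came from untrusted IPP attributes. The command itself is a harmless placeholder.
SAMPLE_PPD = '''*PPD-Adobe: "4.3"
*ModelName: "Constructed Sample Printer"
*cupsFilter2: "application/vnd.cups-pdf application/pdf 0 -"
*FoomaticRIPCommandLine: "echo constructed-sample > /tmp/ppd-scan-demo"
*DefaultPageSize: Letter
'''

if __name__ == "__main__":
    for key, value in find_exec_keys(SAMPLE_PPD):
        print(f"{key}: {value}")
```

Any FoomaticRIPCommandLine in a PPD that cups-browsed wrote for a printer you did not add yourself deserves a look, since a locally installed driver PPD is the only place that key is normally expected.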