Hacking News
-
The authorities of several towns in North Rhine-Westphalia are currently offline after a hacker put their IT provider Südwestfalen-IT out of service. Now you cannot marry there, cannot register a car, ...
Paywalled source in moon language:
-
@BernieTheBernie said in Hacking News:
Now you cannot marry there
: By the way, we'll have to cancel the wedding.
: Wh.. what? You don't love me anymore?!
: Nope, it's just because of a hacker.
: You mean... you're leaving me for some sort of script kiddy?!
-
@Zerosquare Modern times!
Welcome to the Wonderfool World of Tomorrow!
-
Hacked or just software fückup?
Half of Australia without internetz:
-
@BernieTheBernie said in Hacking News:
Wait a moment - ... a rabbit digging a hole destroyed a cable and brought everything down under?
Alice did that when she fell in.
-
It's usually the Russians!
-
@Zecc said in Hacking News:
@topspin said in Hacking News:
@Bulb holy wow, I had no idea there are so many weird-ass performance counters.
Filed under: xkcd 37
You know, we have a TDWTF version of that one: https://what.thedailywtf.com/topic/24502/new-skype-sucks-big-green-donkey-dicks-hows-that-for-a-longer-title/102
-
Without comment. Might end up in the garage.
-
I wonder if Blue Noroff are advertising vacancies on LinkedIn.
-
@topspin said in Hacking News:
Also super annoying, not sure if Chrome or ChrEdge, is when you start typing in the address bar up top on a new page tab and the text ends up in the search field in the middle of the page
Chrome likes to pretend that the new tab page is really just the awesome bar extended. I guess it works the other way too...
-
@boomzilla Targeting people using code obfuscation is fairly smart.
-
@dkf said in Hacking News:
code obfuscation
You say "code obfuscation"? Come on, that is just Kevin-class clean code!
-
@BernieTheBernie said in Hacking News:
@dkf said in Hacking News:
code obfuscation
You say "code obfuscation"?
I do. pyobf is probably an obfuscation system for Python, and the reported bad packages are trying to sound like it. (They can't intercept the name directly; that's "owned" by actual developers.)
-
Oopsie!
-
FFS Canada. Surely you could have assigned a moose or two to prevent this.
-
Xmas sales by hackers. The British Library was hacked, you can buy some data now:
-
Tools for AI have some vulnerabilities. One of them even got a 10 out of 10 rating. Was it created by AI?
-
@BernieTheBernie … GitHub does not even reference the package, the NIST page doesn't either and huntr.com isn't responding, but that might be a defect on my receiver. The https://www.cve.org/CVERecord?id=CVE-2023-6019 is a bit better though:
- Product: ray-project/ray
- Assigner: Protect AI
Does indeed look like an AI filed it.
There's a JSON view so let's have a look…
- ….providerMetadata.shortName = @huntr_ai
Looks even more like an AI filed it.
and the vendor and package look like they are the parts of the SPDX identifier one would use for automatic matching of vulnerabilities to their systems … hopefully.
-
@Bulb said in Hacking News:
huntr.com isn't responding
:worksforme.png.exe:
Actual people seem to be involved. The discussion goes something like this
- Maintainer: Ray essentially provides for remote code execution by design, so not a big deal.
- Reporter: But unauthenticated anonymous requests!
- Maintainer: Don't expose to interwebs, outer security layer. Out of scope.
Etc etc.
Some other person points out that even if you refuse connections from outside, somebody could still craft a form/link/request that goes to localhost and exploits it on machines where the thing is running.
There's also a Shodan scan for people who are running the software publicly.
I'm undecided. Seems to be an intrinsic problem with serving html from a local http as a means of UI. Not being supposed to run this on a public server but doing so anyway is clearly out of scope for the project. Running something that is suid and can (relatively) easily let others execute stuff with elevated privileges is kinda spicy.
Hmm.
-
@cvi said in Hacking News:
Some other person points out that even if you refuse connections from outside, somebody could still craft a form/link/request that goes to localhost and exploits it on machines where the thing is running.
[…]
Seems to be an intrinsic problem with serving html from a local http as a means of UI.
Actually that's just XSRF, every web app has to deal with that, either by using XSRF tokens or by carefully checking Referer and Origin headers. Basically an app running on localhost is authenticated by IP address and otherwise has to observe all
Not being supposed to run this on a public server but doing so anyway is clearly out of scope for the project.
When checking Referer and Origin, they could hardcode localhost (plus port, preferably the specific one it's currently running at) there, which would break it when exposed to another host and hopefully sufficiently indicate to any lazy sysadmin that they shouldn't be running it over a non-local network.
That said it would be nice to be able to – easily, there are some hard-ish ways – also check the UID of the connecting process, at least on Linux, to make it secure on multi-user systems.
-
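The localhost XSRF scenario cvi describes above (a page on some other site submitting a form or fetch() to the UI on localhost) and the two checks Bulb suggests, an Origin/Referer check pinned to localhost plus the specific port and a lookup of the connecting process's UID on Linux, as an added example in Python. This is neither Ray's code nor code from the thread; the port 8267, the header sets and the /proc/net/tcp table are constructed sample data, and the /proc address encoding assumes a little-endian host.

```python
"""Added example (not Ray's code): two checks for a localhost-only web UI.

1. is_local_request(): refuse a request unless the Host header, and the
   Origin/Referer headers when present, point at our own origin on localhost.
   A cross-site form or fetch() aimed at http://localhost:<port> carries the
   attacker's Origin, so it fails here without any session token at all.
2. peer_uid_from_proc_net_tcp(): the "hard-ish" Linux way to learn which UID
   owns the connecting TCP socket, by reading /proc/net/tcp.

Port 8267 and SAMPLE_PROC_NET_TCP below are constructed sample data.
"""
import socket
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def _local_origins(port: int) -> set:
    """Origins we consider 'ourselves': localhost under its three spellings."""
    hosts = (f"localhost:{port}", f"127.0.0.1:{port}", f"[::1]:{port}")
    return {f"http://{h}" for h in hosts}


def is_local_request(method: str, headers: dict, port: int) -> bool:
    """Return True only if the request plausibly came from our own pages."""
    h = {k.lower(): v for k, v in headers.items()}   # header names are case-insensitive
    allowed = _local_origins(port)

    # Host check: a DNS-rebound name such as attacker.example -> 127.0.0.1 would
    # arrive with Host: attacker.example:<port>; refuse anything but localhost.
    if f"http://{h.get('host', '').lower()}" not in allowed:
        return False

    origin = h.get("origin")
    if origin is not None:                  # browsers send Origin on cross-site POST/fetch
        return origin.lower() in allowed    # "null" and foreign origins fail here

    referer = h.get("referer")
    if referer is not None:
        parts = urlsplit(referer)
        return f"{parts.scheme}://{parts.netloc}".lower() in allowed

    # Neither header: acceptable for a safe method (curl, a typed URL). A
    # state-changing request from a browser always carries Origin or Referer,
    # so a bare POST/PUT/DELETE is refused.
    return method.upper() in SAFE_METHODS


def _hex_addr(ip: str, port: int) -> str:
    """Encode ip:port the way /proc/net/tcp prints it: address bytes in host
    byte order as hex (reversed on little-endian hosts, assumed here), then
    the port as four hex digits."""
    return "".join(f"{b:02X}" for b in reversed(socket.inet_aton(ip))) + f":{port:04X}"


def peer_uid_from_proc_net_tcp(table: str, peer_ip: str, peer_port: int,
                               local_ip: str, local_port: int):
    """Return the UID owning the client end of an established connection.

    After accept() the server knows (peer_ip, peer_port). The client's own
    socket shows up in /proc/net/tcp with that pair as *its* local address and
    our listener as its remote address; the uid column is the connecting
    process's owner. Returns None if no such row exists (different network
    namespace, connection already gone, ...).
    """
    want_local = _hex_addr(peer_ip, peer_port)
    want_remote = _hex_addr(local_ip, local_port)
    for line in table.splitlines()[1:]:     # first line is the column header
        f = line.split()
        # fields: sl local rem st tx:rx tr:when retrnsmt uid timeout inode ...
        if len(f) >= 8 and f[1] == want_local and f[2] == want_remote and f[3] == "01":
            return int(f[7])                # st 01 == ESTABLISHED
    return None


# Constructed sample: a listener on 127.0.0.1:8267 owned by uid 0, and one
# established connection from a uid-1000 process on local port 49830 (0xC2A6).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:204B 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 0100007F:C2A6 0100007F:204B 01 00000000:00000000 00:00000000 00000000  1000        0 22222 1 0000000000000000 20 4 30 10 -1
   2: 0100007F:204B 0100007F:C2A6 01 00000000:00000000 00:00000000 00000000     0        0 33333 1 0000000000000000 20 4 30 10 -1
"""

if __name__ == "__main__":
    print(is_local_request("POST", {"Host": "localhost:8267",
                                    "Origin": "http://attacker.example"}, 8267))
    print(peer_uid_from_proc_net_tcp(SAMPLE_PROC_NET_TCP, "127.0.0.1", 49830,
                                     "127.0.0.1", 8267))
```

The /proc lookup is only as good as the moment you read it (the row can vanish or be reused while the request is being served) and it only sees sockets in the server's own network namespace, so on a real multi-user box a Unix domain socket with SO_PEERCRED is the simpler way to get a trustworthy UID. The header check is the portable part and is what stops the "link that posts to localhost" case.
-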
Here is the original moon language link to the Ray vulnerability (and some more):
-
Gone from 1% to all affected. Wonder what else they’ve not said.
-
@DogsB Wonderful. My current employer (client) uses Okta.
-
@DogsB said in Hacking News:
Wonder what else they’ve not said.
They're looking at bringing in security experts who used to run goatse.cx?
-
Install IBM Security Guardium for a superior user experience: instead of fucking around with complicated assembler exploits, you and everybody else on the internet get remote code execution by simply putting commands in a CSV file! ✨
-
23andMe was mentioned somewhere above. Meanwhile, the number of affected customers is still increasing:
-
This should be funny. Patreon tried this. Cost them more in legal fees.
-
@DogsB TOS: we can do whatever we want.
Try this one weird trick to fuck over customers. Judges hate it.
-
@loopback0 said in Hacking News:
Okta. Again.
YOU ARE THE FUCKING 2FA COMPANY WHAT THE FUCK DO YOU MEAN STOLEN CREDENTIALS
-
@Gustav said in Hacking News:
@loopback0 said in Hacking News:
Okta. Again.
YOU ARE THE FUCKING 2FA COMPANY WHAT THE FUCK DO YOU MEAN STOLEN CREDENTIALS
That's the beauty of OAuth2! You can replace user passwords with passwords stored in plain text in AppData directories, call it multifactor, and still blame your customers when it goes wrong by using fancy words such as "credential stuffing"!
-
@Gustav said in Hacking News:
@loopback0 said in Hacking News:
Okta. Again.
YOU ARE THE FUCKING 2FA COMPANY WHAT THE FUCK DO YOU MEAN STOLEN CREDENTIALS
More factors needed!
-
@loopback0 ALL THE FACTORS!
-
Seriously though, if this doesn’t spell corporate death for such a company, it’s no wonder everybody else just considers customer data leaks as a normal billable expense instead of investing in security.
-
@topspin said in Hacking News:
Seriously though, if this doesn’t spell corporate death for such a company, it’s no wonder everybody else just considers customer data leaks as a normal billable expense instead of investing in security.
It should as this isn't even the first time for Okta, but it won't.
Big companies who have implemented Okta have spent large amounts of money doing so, and it allows them to point the finger at Okta if it all goes horribly but inevitably wrong.
-
"ScapeGoat, Inc. -- we'll take the blame for all your company's problems. Learn how millions wash their hands of responsibility every day with us."
Time to pitch the idea to investors. Who's with me?
-
@boomzilla 4 and 6 can be factors too. They won't be prime factors, but they can be factors nonetheless.
-
@PleegWat said in Hacking News:
They won't be prime factors,
Second class factors, fit for little more than animal feed...
-
@PleegWat said in Hacking News:
They won't be prime
We're not some greasy spoon here that deals with steaks of unknown quality.
-
You people will ruin anything with Math.
-
@boomzilla said in Hacking News:
@topspin said in Hacking News:
@loopback0 ALL THE FACTORS!
2, 3, 5, 7, ... etc
That's a really prime list of numbers!
-
Tuesday afternoon, the ransomware operation "unseized" their data leak site to regain control of the URL and claimed that the FBI gained access to a data center they were using to host servers.
As both the ALPHV operators and the FBI now control the private keys used to register the data leak site's onion URL in Tor, they can go back and forth, seizing the URL from each other, which has been done throughout the day.
As part of ALPHV's unseizure message, the gang announced the launch of a new Tor URL for their data leak site that the FBI does not have the private keys for and thus cannot seize. BleepingComputer has purposely redacted this URL from the image above.
-
Bad häckerz used Lockbit ransomware to attack hospitals in Germany on Xmas day:
TFA says that the providers of Lockbit are not happy with their partners using the ransomware against hospitals, and in the past even provided decryption software to a children's hospital. There may be some hope for these hospitals...
-
Watch out for the recording of this talk. If anything ever reeked of intentional backdooring on Apple's part it's this. They burned a few million dollars worth of 0days yesterday.
-
Words for and description of the above:
Here’s a picture to get started, but the ‘kernel exploit’ specifically is the thing of interest here and they have far more details.
In essence, as I understand, using hardware registers beyond the firmware to get around hardware memory protections. I saw mention elsewhere that they’re probably related to ECC.