|
escalating all the way to ring0 and then using that access to just make safari load a webpage which escalates all the way to ring0 again through different means is quite the flex
|
# ? Dec 28, 2023 03:36 |
|
for anyone wondering about the gpu registers of course marcan just knew all of this off the top of his head: https://social.treehouse.systems/@marcan/111655847458820583
|
# ? Dec 28, 2023 15:34 |
|
quote:
I didn't get any money for that one because the way I exploited it didn't apply to normal macOS (I used it to patch DCP code from m1n1), but now a nation state figured out how to use it for a real exploit chain. "Whoops".

lol
|
# ? Dec 28, 2023 15:46 |
|
great stuff
|
# ? Dec 28, 2023 16:12 |
|
just got this email

obviously this is phishing: it's got grammatical errors, it's urging me to do something financial, it's got a completely different template and color scheme than other emails i get from Frontier (my ISP), and it was sent from the totally not suspicious address of "DoNotReplyFrontierBillPay@billmatrix.com". i bet if i mouse over that sign in link it'll go somewhere suspicious, like oh.
|
# ? Dec 28, 2023 19:01 |
|
lol
|
# ? Dec 28, 2023 19:04 |
|
i mean it's also wrong, my auto bill pay stuff is still set up and working fine as far as i can tell, so who knows
|
# ? Dec 28, 2023 19:05 |
|
seeing a lot of post xmas autopay fuckups. using visa?
|
# ? Dec 28, 2023 19:07 |
|
in a well actually posted:
seeing a lot of post xmas autopay fuckups. using visa?

no i told you my ISP is Frontier, god you customer support people are useless

nah it's not visa and like i said it's completely normal on their site and none of the payments have been missed so i'm assuming someone accidentally triggered that email from Mr. Bill Matrix via poorly thought out database query or whatever
|
# ? Dec 28, 2023 21:24 |
|
i got mad enough at a talk that i'm letting it jump the review queue so someone has time to give a contrary opinion. c3 have been slow on youtube uploads so i'm not posting my reviews until i have a long-term link for videos, but here's the relive link for this one: https://media.ccc.de/v/37c3-12034-the_impact_of_quantum_computers_in_cybersecurity

The impact of quantum computers in cybersecurity by Alessandro Luongo - lol talk by a phd who's covered "quantum machine learning". writing quantum algorithms!!

okay more seriously they have comically small text on their slides and are doing pretty trivial maths on time to complete a workload with extra parameters with quantum attached to their terms. they do the normal quantum topics: rsa2048->ecc256. post-quantum crypto with lattices, then make up poo poo for the impact of quantum machine learning for cybersecurity. the first two have been covered significantly better by qualified people in previous c3 talks. they go about it weird though by taking theoretical proofs and going "we could make this look better by changing variables", then repeating shor's algorithm like it gives their talk substance. i'm sounding mean here but he's taking a rough cost formula and treating it as a real device to simulate security proofs from. "machine learning is ubiquitous in cybersecurity"???? this is an absurd amount of waste to look into answering "is that domain from a domain generation algorithm", but this 'review' is already too long. he doesn't even talk about anything of substance in the entire talk!?

q&a is funny and mostly the speaker saying they implemented algorithms not that they created any, or that they don't have answers. internet question really trips him up lol, take a drink every time he goes "it requires more than one phd", or "i don't know"

i'll be honest and reveal my initial brief of this talk (shared with the discord) off of a glance at the abstract now - i smell a rat of a young student and a talk they're not qualified to do, but surprise me...

but let this be a great example talk for someone to come in and give a different view. please, i'm serious show me that i'm wrong here.

anyway i'm now enjoying some tamdhu and watching the rest of day 2's talks
|
# ? Dec 28, 2023 21:45 |
|
in a well actually posted:
seeing a lot of post xmas autopay fuckups. using visa?

apple emailed me saying my visa info was wrong and one of my app subs was going to lapse so i should fix it. it was fine but i bought a $25 apple credit to cover it just in case vOv
|
# ? Dec 28, 2023 22:27 |
|
Shame Boy posted:just got this email
|
# ? Dec 29, 2023 00:53 |
|
in a well actually posted:
seeing a lot of post xmas autopay fuckups. using visa?

i have a theory that the rates of all sorts of administrative errors (most visibly financial and billing type stuff) skyrocket in december due to mid-level employees taking PTO, leaving more junior employees to clean up the resulting messes
|
# ? Dec 29, 2023 00:58 |
|
Cold on a Cob posted:
apple emailed me saying my visa info was wrong and one of my app subs was going to lapse so i should fix it. it was fine but i bought a $25 apple credit to cover it just in case vOv

I hate Apple's emails when someone tries to reset your iCloud pw

Facebook's email for the same thing is 100× better
|
# ? Dec 29, 2023 10:47 |
|
Game mod on Steam breached to push password-stealing malware

anytime this sort of thing happens it freaks me out a bit b/c (as a user) how do you defend against malware distributed by a legit developer via a legit source?
|
# ? Dec 29, 2023 15:16 |
|
Cold on a Cob posted:
Game mod on Steam breached to push password-stealing malware

a functioning justice system
|
# ? Dec 29, 2023 15:35 |
|
Cold on a Cob posted:
Game mod on Steam breached to push password-stealing malware

as a user I don't know what you can do except in the case of steam games/mods ideally have as little stuff installed at a time as possible so the chance of something you have installed at any given time getting trojaned is hopefully lower?

some more isolation would be good but that might be difficult with games especially in windows (maybe it would be easier in steam on linux)
|
# ? Dec 29, 2023 15:57 |
|
there’s no good reason for games not to be sandboxed but microsoft turbo-hosed their sandboxing by tying it to their lovely store and game developers will never ever voluntarily do extra work around packaging unless you force them to. treat your gaming pc as permanently potentially compromised and use a different pc (or at least a separate boot) for everything more important than like your netflix password
|
# ? Dec 29, 2023 17:15 |
|
honestly surprised game mods don't cause security issues more often, the whole scene is effectively an ad-hoc unsigned code distribution service

I guess part of it is that most game mods are not native executables and run within a segregated environment anyway, this one seems to have been an exception
|
# ? Dec 29, 2023 17:25 |
|
rjmccall posted:there’s no good reason for games not to be sandboxed but microsoft turbo-hosed their sandboxing by tying it to their lovely store and game developers will never ever voluntarily do extra work around packaging unless you force them to. treat your gaming pc as permanently potentially compromised and use a different pc (or at least a separate boot) for everything more important than like your netflix password haveblue posted:honestly surprised game mods don't cause security issues more often, the whole scene is effectively an ad-hoc unsigned code distribution service
|
# ? Dec 29, 2023 17:27 |
|
isolating games from the GPU sounds like a nightmare, but I guess if you’re not worried about someone popping the driver chain that’s OK

I wonder if just running as a different user would be worthwhile. not if they have escalation gadgets I suppose
|
# ? Dec 29, 2023 17:30 |
|
Subjunctive posted:
isolating games from the GPU sounds like a nightmare, but I guess if you’re not worried about someone popping the driver chain that’s OK

On the other hand, consider that chromebooks are now able to run steam and the games in a vm and it's pretty ridiculous that you can't do that on windows.

I guess it would be kind of ridiculous to run games using proton in a linux vm on windows but wsl2 could probably theoretically already do that

I can't remember but maybe wsl2 uses a more traditional approach to gpu acceleration, and I don't know if steam on chromeos does that or actual gpu virtualization?

I assume gpu virtualization would be possible as long as nvidia would deign to allow it
|
# ? Dec 29, 2023 17:33 |
|
mystes posted:
I haven't looked into it but if they're distributed with steam can't they just do whatever even if mods for a given game aren't supposed to be native executables?

I'm not that familiar with steam workshop but doesn't it handle the download and install process itself? if all it does is write files to the place where the game will search for mods without ever running a user-provided script, that's already more secure than downloading and running a binary

either way, the article says this mod was not distributed through steam workshop
|
# ? Dec 29, 2023 17:35 |
|
haveblue posted:I'm not that familiar with steam workshop but doesn't it handle the download and install process itself? if all it does is write files to the place where the game will search for mods without ever running a user-provided script, that's already more secure than downloading and running a binary
|
# ? Dec 29, 2023 17:38 |
|
mystes posted:
some more isolation would be good but that might be difficult with games especially in windows (maybe it would be easier in steam on linux)

steam on linux "installs" its own windows (wine prefix) instance for every separate game you run through proton already. it still has access to your files for savegame/screenshot convenience purposes etc, but you can limit that by setting which "drives" wine can see (default behavior is / on Z: and homedir on X: iirc), so properly sandboxing it should be trivial in theory

for game servers, it's trivial to just adduser for a game and use steamcmd to download/update as that user instead to prevent bullshit, too
|
# ? Dec 29, 2023 17:45 |
|
Truga posted:steam on linux "installs" its own windows (wine prefix) instance for every separate game you run through proton already. it still has access to your files for savegame/screenshot convenience purposes etc, but you can limit that by setting which "drives" wine can see (default behavior is / on Z: and homedir on X: iirc), so properly sandboxing it should be trivial in theory
|
# ? Dec 29, 2023 17:48 |
|
Subjunctive posted:
isolating games from the GPU sounds like a nightmare, but I guess if you’re not worried about someone popping the driver chain that’s OK

do GPUs have virtualization instructions like CPUs do or have i just come up with a terrifying glimpse of the future
|
# ? Dec 29, 2023 17:53 |
|
Truga posted:
steam on linux "installs" its own windows (wine prefix) instance for every separate game you run through proton already. it still has access to your files for savegame/screenshot convenience purposes etc, but you can limit that by setting which "drives" wine can see (default behavior is / on Z: and homedir on X: iirc), so properly sandboxing it should be trivial in theory

wine-using programs aren’t restricted to the wine APIs, they can call open(2) and such just fine if they want to (which is what the implementation of win32.dll or whatever is doing underneath)

wine doesn’t help with sandboxing against malware at all, let alone make it trivial
|
# ? Dec 29, 2023 18:01 |
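Added example, not part of any post in this thread: a small audit of the drive mappings discussed above, listing which drive letters in a Wine/Proton prefix resolve outside the prefix. It assumes the usual prefix layout where `dosdevices/` holds one symlink per drive letter; the function names are hypothetical and the sample prefix is constructed for the demo.

```bash
#!/usr/bin/env bash
# Drive letters are a path convenience for Windows-style file access.
# Unmapping one narrows what Windows-path code sees; it does not stop native
# syscalls such as open(2), so treat this as an inventory, not a sandbox check.

# audit_prefix PREFIX -> prints "LETTER TARGET STATUS" for each drive mapping
audit_prefix() {
    local pfx dos link name target
    pfx=$(cd "$1" && pwd -P) || return 2
    dos="$pfx/dosdevices"
    [ -d "$dos" ] || { echo "no dosdevices directory in $pfx" >&2; return 2; }
    for link in "$dos"/?:; do
        [ -L "$link" ] || continue      # skips non-symlinks and an unmatched glob
        name=${link##*/}
        # Resolve to a physical directory; anything that cannot be entered is reported.
        target=$(cd "$link" 2>/dev/null && pwd -P) || { echo "$name - unresolved"; continue; }
        case "$target/" in
            "$pfx"/*) echo "$name $target inside-prefix" ;;
            *)        echo "$name $target OUTSIDE-prefix" ;;
        esac
    done
}

# count_outside PREFIX -> number of mappings that point outside the prefix
count_outside() {
    audit_prefix "$1" | grep -c 'OUTSIDE-prefix$' || true
}

# make_sample_prefix -> path of a constructed prefix with c: and a z: -> / mapping
make_sample_prefix() {
    local d
    d=$(mktemp -d) || return 1
    mkdir -p "$d/drive_c" "$d/dosdevices"
    ln -s ../drive_c "$d/dosdevices/c:"
    ln -s / "$d/dosdevices/z:"
    echo "$d"
}
```

Run `audit_prefix "$(make_sample_prefix)"` to see the constructed `z:` mapping flagged, or pass a real prefix directory instead.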
|
mystes posted:
are you saying properly sandboxing with containers or just relying on which drives are exposed via windows apis? I'm sure nobody has bothered exploiting wine so far but I'm having trouble believing that wine is actually secure against malicious software.

doesn't properly designed malware bail out if it detects it's being run under a debugger or an emulation/virtualization environment? so if anything wine should be more secure than running software on native windows, right
|
# ? Dec 29, 2023 18:16 |
|
shackleford posted:
doesn't properly designed malware bail out if it detects it's being run under a debugger or an emulation/virtualization environment? so if anything wine should be more secure than running software on native windows, right

if i were writing malware and i detected you were running wine i would make the malware more visibly aggressive cuz I know it would bother the average linux user way more
|
# ? Dec 29, 2023 18:19 |
|
Shame Boy posted:
if i were writing malware and i detected you were running wine i would make the malware more visibly aggressive cuz I know it would bother the average linux user way more

i would just uninstall myself because linux users are poor so there's no money to be made
|
# ? Dec 29, 2023 18:21 |
|
Subjunctive posted:wine-using programs aren’t restricted to the wine APIs, they can call open(2) and such just fine if they want to (which is what the implementation of win32.dll or whatever is doing underneath)
|
# ? Dec 29, 2023 18:21 |
|
shackleford posted:doesn't properly designed malware bail out if it detects it's being run under a debugger or an emulation/virtualization environment? so if anything wine should be more secure than running software on native windows, right
|
# ? Dec 29, 2023 18:21 |
|
Shame Boy posted:
do GPU's have virtualization instructions like CPU's do or have i just come up with a terrifying glimpse of the future

it depends and is complicated. future bulletins as events warrant, please like and subscribe
|
# ? Dec 29, 2023 18:35 |
|
can’t believe posters forgot that wine is not an emulator
|
# ? Dec 29, 2023 19:00 |
|
nrook posted:
can’t believe posters forgot that wine is not an emulator

They forgot
|
# ? Dec 29, 2023 19:12 |
|
rjmccall posted:
it depends and is complicated. future bulletins as events warrant, please like and subscribe

any cool registers you want to tell us about, on the dl?
|
# ? Dec 29, 2023 19:29 |
|
on the dll
|
# ? Dec 29, 2023 20:10 |
|
mystes posted:
On the other hand, consider that chromebooks are now able to run steam and the games in a vm and it's pretty ridiculous that you can't do that on windows.

what? since when? do they ship with the specialized (e.g. datacenter) gpus that allow for virtualization cause i thought that whole scene was still largely hosed and a house of cards for consumer gpus
|
# ? Dec 29, 2023 20:13 |
|
Mr. Crow posted:
what? since when? do they ship with the specialized (e.g. datacenter) gpus that allow for virtualization cause i thought that whole scene was still largely hosed and a house of cards for consumer gpus

I think nvidia just doesn't want people to be able to use it in normal VMs with consumer cards so it's probably locked behind some sort of license key like their screen capture api, but that doesn't mean the support isn't complete and present in those cards; nvidia just sucks (although incidentally it seems like google already decided to stop putting nvidia gpus in chromebooks, but intel integrated graphics are ok for a lot of casual games)
|
# ? Dec 29, 2023 20:26 |