For a recent project, I had to do research into the methods by which rootkits are detected and the most effective measures to catch them, asking the question: what are some existing solutions to rootkits and how do they function? My search eventually landed me on the TrendMicro RootkitBuster, which describes itself as “A free tool that scans hidden files, registry entries, processes, drivers, and the master boot record (MBR) to identify and remove rootkits”.

The features it boasted certainly caught my attention. They were claiming to detect several techniques rootkits use to burrow themselves into a machine, but how does it work under the hood, and can we abuse it? I decided to find out by reverse engineering core components of the application itself, leading me down a rabbit hole of code that scarred me permanently, to say the least.

Source: Bill Demirkapi

There was a time when people said there are no, or at least fewer, exploits and stuff for Apple devices. Well, these times are over. Zerodium no longer accepts exploits for Apple devices and software because too many are being reported.

We will NOT be acquiring any new Apple iOS LPE, Safari RCE, or sandbox escapes for the next 2 to 3 months due to a high number of submissions related to these vectors. Prices for iOS one-click chains (e.g. via Safari) without persistence will likely drop in the near future.

Source: Zerodium

The server installer, perhaps other installers, will log LUKS passwords used on the system via:

– installer/subiquity-curtin-install.conf
  – {volume: disk-sda, key: …
– curtin/install.log
  – get_path_to_storage_volume for volume dm_crypt-0({‘volume’: ‘disk-sda’, ‘key’: …

Source: Ubuntu bug-tracker

A fix has been released, so you know the drill.
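If you installed a LUKS-encrypted server with an affected installer, the sensible thing to do before (or after) applying the fix is to check whether the installer logs on that machine actually contain a key, and then scrub them. The following scanner is an added example, not part of the Ubuntu bug report: it looks for the two shapes the report names (a YAML-style `key: …` entry and a Python-dict-style `'key': '…'` entry), reports the line numbers, and returns the matching lines with the value redacted so the passphrase is never echoed again. The sample inputs are constructed, and the assumption that these files live under `/var/log/installer` is mine.

```python
"""Scan Ubuntu installer artifacts for LUKS keys left in clear text.

Added example (not from the Ubuntu bug report). It matches the two
patterns the report shows: 'key: value' in subiquity-curtin-install.conf
and "'key': 'value'" in curtin/install.log, and returns redacted lines.
"""
import re
import sys
from pathlib import Path

# Files named in the bug report. Assumption: they sit under this directory
# on an affected install (adjust ROOT if your layout differs).
ROOT = Path("/var/log/installer")
DEFAULT_FILES = ("subiquity-curtin-install.conf", "curtin/install.log")

# 'key: value', "'key': 'value'" or '"key": "value"'. The \b around `key`
# keeps 'keyboard:' and 'keymap:' from matching.
_KEY_RE = re.compile(
    r"""(?P<prefix>['"]?\bkey\b['"]?\s*:\s*)(?P<quote>['"]?)(?P<value>[^'"},\n]+)(?P=quote)"""
)


def _redact(match: re.Match) -> str:
    """Keep the 'key:' prefix and quoting, replace only the secret value."""
    q = match.group("quote")
    return f"{match.group('prefix')}{q}<REDACTED>{q}"


def find_leaked_keys(text: str):
    """Return (line_number, redacted_line) for every line carrying a key value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if _KEY_RE.search(line):
            findings.append((lineno, _KEY_RE.sub(_redact, line)))
    return findings


def scan_files(root: Path = ROOT, names=DEFAULT_FILES):
    """Scan each named file under root; missing files are simply skipped."""
    report = {}
    for name in names:
        path = root / name
        if path.is_file():
            hits = find_leaked_keys(path.read_text(errors="replace"))
            if hits:
                report[str(path)] = hits
    return report


# Constructed sample inputs mirroring the two shapes from the bug report.
SAMPLE_CONF = """storage:
  config:
  - {type: dm_crypt, volume: disk-sda, key: hunter2-constructed, id: dm_crypt-0}
"""
SAMPLE_LOG = """get_path_to_storage_volume for volume dm_crypt-0({'volume': 'disk-sda', 'key': 'hunter2-constructed', 'id': 'dm_crypt-0'})
"""

if __name__ == "__main__":
    for label, text in (("conf", SAMPLE_CONF), ("log", SAMPLE_LOG)):
        for lineno, line in find_leaked_keys(text):
            print(f"sample {label}:{lineno}: {line}")
    # Real run: scan the installer directory (or a path given on the CLI).
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else ROOT
    for path, hits in scan_files(root).items():
        for lineno, line in hits:
            print(f"{path}:{lineno}: {line}")
```

Run it as root on the affected machine; any hit means the passphrase sat on disk in a world-readable-by-admins log, so rotate the LUKS key (`cryptsetup luksChangeKey`) rather than merely deleting the log.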

Nowadays, Bluetooth is an integral part of mobile devices. Smartphones interconnect with smartwatches and wireless headphones. By default, most devices are configured to accept Bluetooth connections from any nearby unauthenticated device. Bluetooth packets are processed by the Bluetooth chip (also called a controller), and then passed to the host (Android, Linux, etc.). Both the firmware on the chip and the host Bluetooth subsystem are targets for Remote Code Execution (RCE) attacks.

One feature that is available on most classic Bluetooth implementations is answering over Bluetooth pings. Everything an attacker needs to know is the device’s Bluetooth address. Even if the target is not discoverable, it typically accepts connections if it gets addressed. For example, an attacker can run l2ping, which establishes an L2CAP connection and sends echo requests to the remote target.

In the following, we describe a Bluetooth zero-click short-distance RCE exploit against Android 9, which got assigned CVE-2020-0022. We go through all steps required to establish a remote shell on a Samsung Galaxy S10e, which was running an up-to-date Android 9 when we reported the issue on November 3, 2019. The initial flaw used for this exploit is still present in Android 10, but we utilize an additional bug in Bionic (Android’s libc implementation), which makes exploitation way easier. The bug was finally fixed in the security patch from 1.2.2020 in A-143894715.

Source: Insinuator

Mozilla Firefox prior to version 72 suffers from a small-subgroup key recovery attack on DH in the WebCrypto API. The Firefox team fixed the issue by completely removing support for DH over finite fields (which is not in the WebCrypto standard).

Source: Into The Symmetry
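Mozilla chose to drop finite-field DH altogether, but anyone keeping it has a well-known defence: full public-key validation of the peer’s value. A small-subgroup attack works because a value y of small multiplicative order makes the shared secret y^x mod p take only ord(y) distinct values, leaking x modulo ord(y). Rejecting any y outside [2, p-2] or with y^q mod p ≠ 1 (where q is the prime order of the intended subgroup) closes that door. The block below is an added example, not Mozilla’s or NSS’s code; its toy group (p = 23, q = 11, g = 2) is constructed so the orders can be brute-forced and inspected, and real deployments use 2048-bit or larger parameters.

```python
"""Full validation of a Diffie-Hellman public value (added example).

Toy group constructed for illustration: p = 23 is a safe prime, q = 11 is
(p - 1) / 2, and g = 2 generates the order-q subgroup. Real parameters are
2048 bits or more; the checks are the same.
"""

P, Q, G = 23, 11, 2


def element_order(y: int, p: int) -> int:
    """Multiplicative order of y in Z_p^* by brute force (toy sizes only)."""
    if not 1 <= y < p:
        raise ValueError("y must be in [1, p-1]")
    acc, k = y, 1
    while acc != 1:
        acc = acc * y % p
        k += 1
    return k


def distinct_shared_secrets(y: int, p: int) -> int:
    """How many values y^x mod p can take as x varies: equals ord(y).

    This is the quantity a small-subgroup attacker shrinks; it is computed
    here to show why the check below matters, not to mount the attack.
    """
    return len({pow(y, x, p) for x in range(1, p - 1)})


def validate_dh_public_value(y: int, p: int, q: int) -> bool:
    """Full public-key validation (NIST SP 800-56A style).

    1. 2 <= y <= p - 2 rules out 0, 1 and p - 1 (the order-1 and order-2 elements).
    2. y^q mod p == 1 proves y lies in the prime-order-q subgroup, so ord(y) = q.
    """
    if not 2 <= y <= p - 2:
        return False
    return pow(y, q, p) == 1


def shared_secret(peer_y: int, my_x: int, p: int = P, q: int = Q) -> int:
    """Derive peer_y^my_x mod p only after the peer's value passes validation."""
    if not validate_dh_public_value(peer_y, p, q):
        raise ValueError("peer public value rejected: not in the order-q subgroup")
    return pow(peer_y, my_x, p)


if __name__ == "__main__":
    honest = pow(G, 3, P)          # 8: a legitimate g^x
    low_order = P - 1              # 22: order 2, the classic small-subgroup probe
    full_group = 5                 # order 22: in Z_p^* but outside the q-subgroup
    for y in (honest, low_order, full_group):
        print(f"y={y:2d} ord={element_order(y, P):2d} "
              f"secrets={distinct_shared_secrets(y, P):2d} "
              f"accepted={validate_dh_public_value(y, P, Q)}")
    print("shared secret with honest peer:", shared_secret(honest, 7))
```

Note that y = 5 is rejected even though it is a perfectly good element of Z_p^*: it lies outside the order-q subgroup, and accepting it would leak the parity of x. That is exactly the case a range check alone does not catch, which is why the exponentiation y^q mod p is part of the validation and not optional.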

Recently, I experienced I/O issues while trying to scan documents on my Samsung SL-C460W. It has worked flawlessly with Windows 10 before, so seems like something changed in the latest Windows 10 build.

Reinstalling the Samsung scanner driver didn’t help, and scanning via WIA did not work either. Communicating with the scanner was no longer possible, while printing works without any issues.

It seems that, due to changes in recent Windows 10 builds, two files which the scanner driver requires to communicate with the device have been removed.

Luckily, Samsung has provided a fix for that. Officially it’s meant for some other multi-functional device, but it works fine with the C460 series, too.

Find it on the Samsung webpage.

I’m going to guess that the reason that this machine is brain dead, even though it has its primary power rails, is because … Apple.

Source: YouTube

It died because of improper usage: The user caused the CPU to execute instructions. You’re not supposed to do that! Macbooks are a piece of art, to show to other people that you have money to just throw away. You’re not supposed to do computing with them. Only nerds do that, with their ugly black Thinkpads.

2019-09-25 @ 08:06: RGB Fusion Bugs | Security | WTF

I got frustrated at Gigabyte’s RGB control stuff (I just REALLY want to turn my GPU LEDs off!) so I caved in and started reverse engineering RGB Fusion and OH GOD WHY DID I DO THAT IT IS SO HORRIBLY CURSED

Source: Graham Sutherland [Polynomial^DSS]‏

So, basically, the RGB Fusion software flashes a new firmware when you set a new LED pattern. What an unbelievable mess! What do these software developers do for their living? Ah, yes, they develop software. I see.

Why does the userland software have to take care of this? Instead, the firmware should just receive a call from the software and do the necessary steps. No need to flash a firmware for that if you do it correctly.

Still, reading this causes physical pain.

Just noticed the download server of Opera’s offline installation packages responds with an error 502. Checking for updates from within the browser is therefore also broken.

Additionally, Opera’s add-ons page is down.
