Nowadays, Bluetooth is an integral part of mobile devices. Smartphones interconnect with smartwatches and wireless headphones. By default, most devices are configured to accept Bluetooth connections from any
nearby unauthenticated device. Bluetooth packets are processed by the Bluetooth chip (also called a controller), and then passed to the host (Android, Linux, etc.). Both, the firmware on the chip and the host Bluetooth subsystem, are a target for Remote Code Execution (RCE) attacks.

One feature that is available on most classic Bluetooth implementations is answering over Bluetooth pings. Everything an attacker needs to know is the device’s Bluetooth address. Even if the target is not discoverable, it typically accepts connections if it gets addressed. For example, an attacker can run l2ping, which establishes an L2CAP connection and sends echo requests to the remote target.

In the following, we describe a Bluetooth zero-click short-distance RCE exploit against Android 9, which got assigned CVE-2020-0022 . We go through all steps required to establish a remote shell on a Samsung Galaxy S10e, which was working on an up-to-date Android 9 when reporting the issue on November 3 2019. The initial flaw used for this exploit is still present in Android 10, but we utilize an additional bug in Bionic (Android’s libc implementation), which makes exploitation way easier. The bug was finally fixed in the security patch from 1.2.2020 in A-143894715.

Source: Insinuator

Mozilla Firefox prior to version 72 suffers from Small Subgroups Key Recovery Attack on DH in the WebCrypto‘s API. The Firefox’s team fixed the issue removing completely support for DH over finite fields (that is not in the WebCrypto standard).

Source: Into The Symmetry

Recently, I experienced I/O issues while trying to scan documents on my Samsung SL-C460W. It has worked flawlessly with Windows 10 before, so seems like something changed in the latest Windows 10 build.

Reinstalling the Samsung scanner driver didn’t help, also scanning by WIA did not work. Communicating with the scanner was no longer possible, while printing works without any issues.

Seems like due to changes in recent Windows 10 builds two file have been removed which are required by the scanner driver to be able to communicate with the device.

Luckily Samsung has provied a fix for that. Officially it’s meant for some other multi-functional device, but it works fine with the C460 series, too.

Find it on the Samsung webpage.

I’m going to guess that the reason that this machine is brain dead, even though it has its primary power rails, is because … Apple.

Source: YouTube

It died because of improper usage: The user caused the CPU to execute instructions. You’re are not supposed to do that! Macbooks are a piece of art, to show to other people that you have money to just throw away. You’re not supposed to do computing with them. Only nerds do that, with their ugly black Thinkpads.

2019-09-25 @ 08:06: RGB Fusion Bugs | Security | WTF

I got frustrated at Gigabyte’s RGB control stuff (I just REALLY want to turn my GPU LEDs off!) so I caved in and started reverse engineering RGB Fusion and OH GOD WHY DID I DO THAT IT IS SO HORRIBLY CURSED

Source: Graham Sutherland [Polynomial^DSS]‏

So, basically, the RGB Fusion software flashes a new firmware when you set a new LED pattern. What an unbelievable mess! What do these software developers do for their living? Ah, yes, the develop software. I see.

Why has the user land software have to take care of this? Instead the firmware should just receive a call from the software and do the necessary steps. No need to flash a firmware for that if you do it correctly.

Still, reading this causes physical pain.

Just noticed the download server of Opera’s offline installation packages responds with an error 502. Checking for updates from within the browser is therefore also broken.

Additionally Opera’s add-ons page is down.

Netflix has identified several TCP networking vulnerabilities in FreeBSD and Linux kernels. The vulnerabilities specifically relate to the minimum segment size (MSS) and TCP Selective Acknowledgement (SACK) capabilities. The most serious, dubbed “SACK Panic,” allows a remotely-triggered kernel panic on recent Linux kernels. There are patches that address most of these vulnerabilities. If patches can not be applied, certain mitigations will be effective. We recommend that affected parties enact one of those described below, based on their environment.

2019-06-12 @ 07:59: RAMBleed Bugs | Security

RAMBleed is a side-channel attack that enables an attacker to read out physical memory belonging to other processes. The implications of violating arbitrary privilege boundaries are numerous, and vary in severity based on the other software running on the target machine. As an example, in our paper we demonstrate an attack against OpenSSH in which we use RAMBleed to leak a 2048 bit RSA key. However, RAMBleed can be used for reading other data as well.
RAMBleed is based on a previous side channel called Rowhammer, which enables an attacker to flip bits in the memory space of other processes. We show in our paper that an attacker, by observing Rowhammer-induced bit flips in her own memory, can deduce the values in nearby DRAM rows. Thus, RAMBleed shifts Rowhammer from being a threat not only to integrity, but confidentiality as well. Furthermore, unlike Rowhammer, RAMBleed does not require persistent bit flips, and is thus effective against ECC memory commonly used by server computers.


Now imagine you put your stuff into the cloud ….

These automatisms in browsers are giving me a bad time. Who the hell came unmedicated to the conclusion to let browsers transform emoticons into emojis? Text has to remain text and images have to remain images.

Of course I could add the text presentation selector (&#xFE0E) as suffix to every emoticon I write, but that’s not the point. Also the suffix gets removed upon editing, so I need to add it over and over again. Programmatically scanning all texts and adding the suffix automatically is overkill and results in a huge performance loss.

I found an add-on for Firefox which claims to do disable emojis. But it doesn’t work, and also I don’t want a separate add-on for that. Seems like no one thought of a simple CSS setting to disable this crap. I don’t want smileys, emojis, whatever. This is all so painful.

  • About

    Destabilizing cishetero amatonormativity. Providing disruption as a service. Once you know the way, you see it in all things. Unless you puke, faint or die, keep going. Also we never asked for this. I̸͝t̸̑ ̵̽i̷͗s̶͐ ̵͝a̶͒l̷ ͍r̷ ̗͕e̵͑a̶͌d̸̄y̷̚ ̶̀ ͓͑t̷̚ô̶o̸ ̥ ̶́ ̡l̷͝a̶̽t̵͒ė̶.̸ ̋͑

  • Got something interesting?

    You think you got something which should be on this site? Then contact us. You want something removed from this site, because you think it should not be here? Then go fuck yourself. This is a free website. Free as in freedom. It tolerates every opinion from everyone. However, it does not tolerate things which are illegal according to the Swiss legislation.

  • Disclaimer

    We cannot be held responsible for any kind of direct, indirect or consequential damages caused by the stuff and or opinions we provide here. Use this on your own risk. Don’t blame us if something goes wrong or totally messes up your machine, your life or whatever. If this is unacceptable for you then go away and never come back again. Thank you!