Schneier on Security

ResearcherZero • March 30, 2024 2:10 AM

“It’s the weirdest thing.” – Because in a quirk of geography and history, Hawaii is not technically covered by the NATO pact.

‘https://edition.cnn.com/2024/03/29/us/nato-treaty-hawaii-intl-hnk-ml-dst/index.html

Very early on, NATO leaders realized that the benefits of the alliance extended beyond military security and included economic stability as well.
Virtually all Eastern and Central European countries that joined NATO experienced major gains in GDP per capita as a result of their membership.

NATO also provided its member nations with a status as safe havens in which to invest and with which to trade. This brought broad and deep benefits to member nations, including the US. US exports to new NATO member countries rose from $900 million in 1989 to $9.4 billion in 2016.

Paring back US security arrangements could portend, say the report’s authors, a serious hit to the US economy — “a 50% reduction in security agreements would cause US GDP to fall by as much as $490 billion, about 2% of the U.S. GDP in 2021.”

‘https://www.wilsoncenter.org/article/criticism-nato-ignores-its-economic-benefit-us

ResearcherZero • March 30, 2024 2:33 AM

@Clive

analysis so far of impact on sshd

It appears to wait for “RSA_public_decrypt () got plt” to be resolved.
When called for that symbol, the backdoor changes the value of RSA_public_decrypt () got plt to point to its own code.

…during a pubkey login the exploit code is invoked

Still being analyzed.

‘https://seclists.org/oss-sec/2024/q1/268

–

The “enemy”, “hypocrite” and a “global arrogant and colonial power”

The capacity of authoritarian states to manipulate narratives and undermine the authority of western democracies is increasingly emphasized in International Relations research. Far less scrutiny has been paid to the ways in which the media environment creates communication vulnerabilities for these same repressive states.

Trump’s escalatory attack played into the Iranian state narrative that Iran is resisting western ‘imperialism’ and standing up for the oppressed in the world. Iran’s former ambassador to the UN, Majid Takht Ravanchi, described it as ‘an obvious example of state terrorism’. Given that the US has designated Iran as a ‘state sponsor of terrorism’, this was a chance to turn the tables in terms of rhetoric. …When other actors buy into the narratives promoted by a state, the latter’s legitimacy and power are heightened.

We question this idea that authoritarian states are winning the communication battle, demonstrating that they have important vulnerabilities as well.

For commentators such as Lajevardi, Soleimani was no soldier defending the Iranian nation from outside threats; he was a defender of the regime and had been the second most important person involved in internal repression. These commentators denied that the Islamic Republic was acting in the national interest. In their eyes, the regime was only fighting for itself. Lajevardi attacked the idea of ‘national unity’ in the Islamic Republic, instead describing a deep divide between state and society.

‘https://academic.oup.com/ia/article/99/6/2465/7280011

“One can always be sorry for the killing of an individual, but I refer to Khamenei who said that ‘we have never seen anything but good from him’. In reality, the only good he did was for the promotion of the regime and ideology of the Islamic Republic. To Sajjadi who says that millions of people participated in his ceremonies, I ask: were the families of the 1,500 or so people killed in the November protests part of the people you saw [in the funeral], or the 60 million who live in poverty in Iran. Those whom the regime say were ‘led by outside forces’, were they not part of the Iranian nation?” – Hossein Lajevardi, (sociologist) ‘https://t.me/bbcpersian/56261

“This crowd has no political value in my opinion. Hitler also took his crowd to the streets. Mussolini the same. Stalin took his crowds to the streets … We must look for democratic institutions such as elections, political parties and free media to evaluate the freedom of the people.” – Hassan Hashemian, (journalist, Czech Republic) ‘https://t.me/bbcpersian/56280

–

Authoritarian regimes in the 21st century have increasingly turned to using information control rather than kinetic force to respond to threats to their rule. This paper studies an often overlooked type of information control: strategic labeling and public statements by regime sources in response to protests.

Labeling protesters as violent criminals may increase support for repression by signaling that protests are illegitimate and deviant. Regime sources, compared to more independent sources, could increase support for repression even more when paired with such an accusatory label. Accommodative labels should have opposing effects—decreasing support for repression. The findings suggest that negative labels de-legitimize protesters and legitimize repression while the sources matter less in this contentious authoritarian context.

‘https://ash.harvard.edu/sites/hwpi.harvard.edu/files/ash/files/democracy_and_authoritarianism_in_the_21st_century-_a_sketch.pdf

Defending Democracy will be harder than most assume, as political systems with radically simple beliefs are inherently appealing, especially when they benefit the loyal, to the exclusion of everyone else.

“We have seen for example, what it looks like in Hungary to have a prime minister who, once he took power, began to subtly and unsubtly alter the political system, to make it very difficult for him to lose another election. And we saw the same thing in Poland. But these things are not always immediately obvious.”

https://news.asu.edu/20201218-global-engagement-democracy-under-siege-author-warns-about-appeal-authoritarianism

ResearcherZero • March 30, 2024 3:34 AM

Unlike the setuid bit, the setgid bit has effect on both files and directories. Wall messages are often disabled by admins for a very good reason. Old bugs…

‘https://unix.stackexchange.com/questions/313549/why-cant-i-send-messages-with-the-wall-command

“The util-linux wall command does not filter escape sequences from command line arguments. This allows unprivileged users to put arbitrary text on other users’ terminals, if mesg is set to “y” and wall is setgid.” On systems that allow wall messages to be sent, an attacker could potentially alter a user’s clipboard through escape sequences on select terminals like Windows Terminal. It does not work on GNOME Terminal. CVE-2024-28085 impacts Ubuntu 22.04 and Debian Bookworm as these two criteria are met.

(you could escalate privileges with a crafted message for example – and do nasty stuff)

Disable ‘setgid’ for wall, or disable wall messages for the user account (mesg n -v).

‘https://github.com/skyler-ferrante/CVE-2024-28085

ResearcherZero • March 30, 2024 4:55 AM

@Clive

A popular routine here is the old ‘dismissal on medical grounds’.

“The inquiry into alleged Special Forces’ war crimes in Afghanistan set out to give “blanket exemption” of accountability for the highest levels of the ADF and Defence.”

‘https://www.couriermail.com.au/news/national/new-report-blows-up-brereton-inquiry-into-alleged-special-forces-war-crimes/news-story/8b89f22cdc680c81fe5caa1e48ca6e13

“The government is no doubt hoping this will all just go away. …There is a culture of cover-up at the highest levels of the Australian Defence Force. It is the ultimate boys’ club.

https://www.themonthly.com.au/the-politics/martin-mckenzie-murray/2023/06/20/sending-out-sas

It found “credible” evidence of allegations that 25 Australian soldiers had murdered 39 Afghan civilians, and pointed to a disturbing “warrior culture” that had developed within elements of the elite Special Air Service Regiment. Prosecutors allege that Schulz, 41, murdered an Afghan man while deployed to Afghanistan with the ADF in an incident unrelated to Roberts-Smith.

The inquiry has found “credible information” that junior soldiers were required by their patrol commanders to shoot a prisoner, in order to achieve the soldier’s first kill, in a practice known as “blooding”. “Throwdowns” — other weapons or radios — would be planted with the body, and a “cover story” was created.

‘https://www.smh.com.au/politics/federal/the-reckoning-over-afghanistan-war-crimes-is-only-just-beginning-20230530-p5dciz.html

“some guys went up the Congo, and … yes, [that] could have applied to Mr Roberts-Smith”

https://www.smh.com.au/national/110-days-41-witnesses-and-15-key-questions-to-answer-what-the-ben-roberts-smith-case-was-about-20230209-p5cjdp.html

–

Mercer painted a picture of a combination of offhand arrogance from senior officers and a lack of interest and accountability on the part of ministers.

‘https://www.theguardian.com/commentisfree/2024/mar/12/britain-war-afghanistan-special-forces-sas-johnny-mercer

Johnny Mercer has until 5 April to provide a witness statement with the names to an independent inquiry. Failure to comply could result in a jail sentence or fine, the MP was told.

The chair of the inquiry, Sir Charles Haddon-Cave, previously told the minister: “You need to decide which side you are really on, Mr Mercer.”

Mr Mercer repeatedly refused to reveal the identities of whistle-blowers who he said had warned him there might be truth to the allegations of extrajudicial killings by special forces. Mr Mercer told the inquiry last month: “The one thing you can hold on to is your integrity and I will be doing that with these individuals.”

The inquiry is investigating whether British special forces killed civilians and unarmed people on night raids in Afghanistan between 2010 and 2013.

‘https://www.bbc.co.uk/news/uk-politics-68662384

‘https://iiaweb-prod.s3.eu-west-2.amazonaws.com/240313_JM_amended_s.21_Notice-For-publication_Redacted-Annex-A.pdf

ResearcherZero • March 30, 2024 6:33 PM

@vas pup

DW are driving traffic away from their site, which is a pity as the videos are good.

I’ve pretty much avoided DW since they changed the website.

–

‘https://blog.fox-it.com/2024/03/28/android-malware-vultur-expands-its-wingspan/

ResearcherZero • March 30, 2024 8:14 PM

@vas pup

Australia is waking up to the fact it needs to look at it’s supply chain…

More than 3.7 million Australian homes have installed rooftop solar – the highest uptake rate in the world. But only about 1% of those panels are locally manufactured, with Adelaide-based Tindo Solar being the only homegrown solar panel manufacturer.

“ARENA will look at the entire supply chain from ingots and wafers to cells, module assembly and related components, including solar glass, inverters, advanced deployment technology and solar innovation.”

‘https://www.pv-magazine.com/2024/03/28/australia-announces-pit-to-panel-solar-manufacturing-program/

State government clearing the way to fast-track production.
https://www.pv-magazine-australia.com/2024/03/25/state-smooths-way-for-quinbrook-polysilicon-plant-plans/

New steel pellets could be processed in furnaces that use hydrogen.

‘https://www.abc.net.au/news/2022-08-24/gfg-alliance-says-green-steel-production-a-step-closer/101368634

160-tonne electric arc furnace would lift steel making capacity at the Whyalla plant from 1 million tonnes annually to about 1.5 million tonnes.

https://www.afr.com/companies/manufacturing/sanjeev-gupta-in-500m-push-to-make-whyalla-steelworks-greener-20230403-p5cxm8

–

“Artificial intelligence helps us in two ways. One is mapping, and the other is genetic studies focusing on kelps’ tolerance to warm water.”

It is estimated that 95% of Australian kelp forests have died due to ocean warming. The loss of the dense canopy-forming giant kelp forests along Tasmania’s coastline has devastated the dense, sheltered habitat they created for a wide range of fish and invertebrates, including commercially valuable species such as abalone and lobster.

‘https://www.csiro.au/en/news/All/News/2024/February/National-collaboration-to-save-Australias-invisible-endangered-forest-of-giant-kelp-using-AI

Kelp also act as the trophic foundation of coastal food-webs by providing food for a suite of grazers, detritivores, and microbes – the effects of which can reach to adjacent reef, seagrass, and sediment communities, as well as to deep waters and beyond the continental shelf.

This plant community serves as an underwater forest, providing habitat for thousands of marine creatures ranging from small penguins to leafy sea dragons.

‘https://www.frontiersin.org/articles/10.3389/fmars.2020.00074/full

ResearcherZero • March 30, 2024 9:44 PM

@Clive

Re: backdoor in upstream xz/liblzma leading to ssh

This is pretty gnarly…

analysis of the bash obfuscation part of the backdoor

‘https://gynvael.coldwind.pl/?lang=en&id=782

The hooked RSA_public_decrypt verifies a signature on the server’s host key by a fixed Ed448 key, and then passes a payload to system(). It’s RCE, not auth bypass, and gated/unreplayable.

The payload is extracted from the N value (the public key) passed to RSA_public_decrypt, checked against a simple fingerprint, and decrypted with a fixed ChaCha20 key before the Ed448 signature verification.

‘https://www.openwall.com/lists/oss-security/2024/03/30/36

ResearcherZero • March 31, 2024 11:43 PM

The competition of ideas is beneficial, whereas the thuggery of violence is most often counterproductive. Excellence withers without an adversary, it has been said.

ResearcherZero • April 1, 2024 3:16 AM

Telstra had stored the wrong alternative number for eight emergency services which prevented manual transfer of calls.

Secondary database failure “triggered an existing but previously undetected software fault”.

‘https://www.itnews.com.au/news/telstra-explains-why-triple-zero-transfers-failed-606461

–

A rundown of CVE-2024-1086 bug in kernel versions v5.14 to v6.6.14 -including hardened versions. (drop a root shell)

‘https://pwning.tech/nftables/

–

Checklist for the xz backdoor.

‘https://xeiaso.net/notes/2024/xz-vuln/

Flowchart (as presently understood)

‘https://infosec.exchange/@fr0gger/112189232773640259

And the list of packages if you need to check.

‘https://repology.org/project/xz/versions

ResearcherZero • April 2, 2024 2:25 AM

@vas pup

That is the annoying thing. They don’t put all their videos on youtube, to force users to their site. Youtube also deliberately breaks alternate services by changing aspects of it’s implementation. A petty and anti-competitive strategy employed by large tech companies who regularly steal, crush and absorb others, then lie about it. And gank everyone’s data.

Google agrees to partially delete some data collected in ‘Igocnito Mode’ to avoid $5b fine.

‘https://www.documentcloud.org/documents/24527732-brown-v-google-llc-settlement-agreement

–

@Clive

I’m a cruel and precision targeting god, not one of the old ones. But I do dilly-dally and take my time to re-check and re-confirm the targeting to avoid civilian casualties. On occasion, I spend so much time, everyone dies because I forgot to eliminate the threat.

At other times, I’m so unimpressed with the majority of behaviour, I refrain purposely.

–

PROXYLIB – A cluster of VPN apps is secretly turning phones into proxy nodes.

“The LumiApps platform promotes itself and its SDK as an alternative app monetization method to rendering ads to users. According to their FAQ and available information, the platform rewards developers with cash payment based on the amount of traffic that gets routed through user devices.”

‘https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-proxylib-and-lumiapps-transform-mobile-devices-into-proxy-nodes

–

The deliberate use of starvation is a blatant violation of international law.

Criminal intent does not require the attacker’s admission but can also be inferred from the totality of the circumstances of the military campaign.

‘https://www.theguardian.com/world/2024/apr/02/australia-icj-judge-hilary-charlesworth-israel-suspend-gaza-idf-military-operation

Intentionally starving civilians by “depriving them of objects indispensable to their survival, including willfully impeding relief supplies” is also a war crime.

Geneva Convention IV, aimed at the protection of non-combatants in IACs, provides that states must allow the free passage of medical consignments, food, and other relief supplies for the benefit of the civilian population. The Security Council issued several forceful resolutions against the Syrian government’s use of starvation in 2014–15.

https://www.justsecurity.org/29157/siege-warfare-starvation-civilians-war-crime/

In 1998 the International Criminal Court Statute codified starvation methods as a war crime in international armed conflicts.

‘https://www.icc-cpi.int/sites/default/files/RS-Eng.pdf

A 2019 amendment expanded this doctrine to cover noninternational armed conflicts – conflicts between states and organized armed groups, or between organized armed groups. In addition to food, the legal definition of starvation also includes deprivation of water, shelter and medical care.
https://treaties.un.org/pages/ViewDetails.aspx?src=TREATY&mtdsg_no=XVIII-10-g&chapter=18&clang=_en

On 4 and 5 November, seven water facilities across the Gaza Strip were directly hit and sustained major damage, including three sewage pipelines in Gaza city, two water reservoirs (in Gaza City, Rafah and Jabalia refugee camp) and two water wells in Rafah. The Gaza municipality warned about the imminent risk of sewage flooding.

‘https://www.ochaopt.org/content/hostilities-gaza-strip-and-israel-flash-update-30

ResearcherZero • April 2, 2024 2:35 AM

Ukraine is using AI technology to negate GPS jamming effects and strike targets that need a lot of Western technology. Ukraine claims 12% of Russian refining capacity is now offline, while Reuters calculates it’s up to 14%.

‘https://edition.cnn.com/2024/04/01/energy/ukrainian-drones-disrupting-russian-energy-industry-intl-cmd/index.html

Volodin’s letter to President Putin proposed to implement the concept of “de-Westernization” in the Russian Federation after the elections.

‘https://informnapalm.org/en/russia-after-the-elections/

ResearcherZero • April 2, 2024 4:06 AM

@lurker

More British are ashamed of their government’s abdication of responsibility in 1948 than Australian’s are of their government’s abdication of responsibility for the continued atrocities committed against Australia’s traditional owners and their children. And certainly more than the number of GOP members who fail to condemn the language of violence.

When is enough’s enough?

The Republican Party excuses Trump’s conduct, despite no former nominee acting in such a disgusting manner.

‘https://edition.cnn.com/2024/03/31/politics/trump-dangerous-rhetoric-analysis/index.html

What Trump is doing—encouraging this violence—is a time bomb.
https://www.newyorker.com/news/our-columnists/donald-trumps-incitements-to-violence-have-crossed-an-alarming-threshold

“First, they change the view of violence. And Mr. Trump, since 2015, he started saying at his rallies, using his rallies and campaign events for radicalizing people. And he started saying, oh, in the old days, you used to hurt people. The problem is, Americans don’t hurt each other anymore.”

“So now he’s going into a new phase of openly dehumanizing his targets so that will lessen the taboos in the future.”

‘https://www.pbs.org/newshour/show/trumps-ramped-up-rhetoric-raises-new-concerns-about-violence-and-authoritarianism

–

More annoying than Clippy (and crashing explorer executable)

‘https://sherwoodmedia.com/news/microsoft-copilot-ai-search-chatgpt-is-making-up-fake-vladimir-putin-quotes/

–

In 1999, an equation used to calculate eGFR was modified to adjust Black people’s results compared to everyone else’s, based on some studies with small numbers of Black patients and a long-ago false theory about differences in creatinine levels. Until recently that meant many lab reports would list two results… Numerous formulas or “algorithms” used in medical decisions — treatment guidelines, diagnostic tests, risk calculators — adjust the answers according to race or ethnicity in a way that puts people of color at disadvantage.

‘https://apnews.com/article/kidney-transplant-race-black-inequity-bias-d4fabf2f3a47aab2fe8e18b2a5432135

ResearcherZero • April 2, 2024 11:31 PM

“understanding sepsis requires reframing the research focus to identify immunometabolic and neurophysiological mechanisms of cellular and organ dysfunction.”

“Sepsis” is an imprecise clinical diagnostic term used to describe patients that have a continuum of abnormalities in organ function.

Sepsis: Current Dogma and New Perspectives

‘https://www.cell.com/immunity/fulltext/S1074-7613(14)00115-0

–

Device Bound Session Credentials

‘https://blog.chromium.org/2024/04/fighting-cookie-theft-using-device.html

Cryptographic keys that cannot be exported from the user’s device under normal circumstances. There is a seperate [sic] key for each session, and it should not be possible to detect two different session keys are from one device.

(DBSC will not prevent temporary access to the browser session while the attacker is resident on the user’s device.)

‘https://github.com/WICG/dbsc

(separate is often misspelled as seperate)

ResearcherZero • April 3, 2024 2:38 AM

There have been a number of wars to end war, and the “free” speech earned was earned in blood. Given how many fell in both World Wars and other conflicts, we owe a responsibility.

I’d prefer that people did not encourage violence and resolved animosity respectfully.

There are a lot of innocent people who have already died. Many you won’t read about, and in a number of those cases it was done in an attempt to try and prevent intelligence coming to light regarding planned activities by The Kremlin, it’s intelligence services and military.

What is particularly disturbing is that they did not know anything. Yet they were killed.
In some cases it was done as a psychological operation aimed at relatives or friends. Just on the off chance that one of these distantly related persons might have seen something.
Wiping out family members of people who themselves posed no risk. Preemptive cruelty.

Illegal annexations and invasions also lead to what may be “accidental” cases of murder.

Flight MH17 was on its way from Amsterdam to Kuala Lumpur on July 17, 2014, when it was shot out of the sky over territory held by pro-Russian rebels in eastern Ukraine. All 298 people on board were killed, including 15 crew members and 283 passengers from 17 countries.

‘https://www.abc.net.au/news/2022-11-18/dutch-court-gives-verdict-on-mh17-plane-crash/101668556

There were a number of deliberate killings by Russian Intelligence Services well before, and after 2014. Those operations were carried out to silence people or prevent intelligence being passed on. There were other killings carried out against individuals or their family, friends and colleagues – for passing on intelligence. Some victims were misidentified and then killed. Other innocent victims were killed in an attempt to frame individuals.

In some cases there appears to be no clear reason why they were murdered. Fishing perhaps?
Such cases did not take place in a conflict zone. They occurred in peaceful urban settings.

A lot of the intelligence came at a very high cost. But feel free to dance in the blood of my friends and colleagues. They laid down their lives so that you can have that privilege.

“Assassination attempts against foes of Putin have been common during his nearly quarter century in power. Over the years, Kremlin political critics, turncoat spies and investigative journalists have been killed or assaulted in a variety of ways.”

There also have been reports of prominent Russian executives dying under mysterious circumstances, including falling from windows, although whether they were deliberate killings or suicides is sometimes difficult to determine.

https://apnews.com/article/russia-kremlin-enemy-navalny-prigozhin-litvinenko-skripal-958c2ed6b8d60ecc4f64092fc1f9ceb5

“Mr. Litvinenko moved in a circle of exiled dissidents clustered around Boris A. Berezovsky, a fugitive oligarch who tilted against Mr. Putin from London and who was found hanged in 2013 under circumstances that were never categorically explained.”

That was in stark contrast to Mr. Skripal, a former military intelligence officer in Russia, who arrived in Britain in 2010 as part of a spy swap and lived quietly in an English cathedral town.

“This guy is not a big critic,” Marina Litvinenko, the widow of the whistle-blower, said of Mr. Skripal, speaking by telephone from an undisclosed location outside London. “Everyone says he kept a low profile.”

‘https://www.nytimes.com/2018/03/06/world/europe/alexander-litvinenko-sergei-skripal.html

161st Special Purpose Specialist Training Center in eastern Moscow

Russian military intelligence officer of Unit 29155, Denis V. Sergeev charged…

Its operations are so secret, according to assessments by Western intelligence services, that the unit’s existence is most likely unknown even to other G.R.U. operatives.

https://www.nytimes.com/2021/09/21/world/europe/skripal-arrest.html

ResearcherZero • April 3, 2024 3:36 AM

Discipline is particularly important in a war zone. Along with communication.

The IDF instructed aid workers not to use radios as they might be stolen.

‘https://www.independent.co.uk/news/world/middle-east/israel-gaza-attack-strike-world-central-kitchen-b2522280.html

“The army’s killing of seven aid workers in the Gaza Strip on Monday night stemmed from poor discipline among field commanders, not a lack of coordination between the army and aid organizations, army sources said on Tuesday.”

‘https://www.haaretz.com/israel-news/2024-04-02/ty-article/.premium/idf-sources-gaza-aid-workers-killed-because-officers-on-the-ground-do-what-they-want/0000018e-a06e-d9c2-afbe-a8fe319b0000

ResearcherZero • April 3, 2024 4:11 AM

@Winter

Albert Averyanov, son of Andrei Averyanov, commander of Unit 29155, was spotted outside victim’s home.

‘https://thedebrief.org/explosive-investigation-links-russias-shadowy-unit-29155-to-havana-syndrome-attacks-on-u-s-officials-worldwide/

paywalled

Suspected of having played a role in the crash of Yevgeny Prigozhin’s plane, Averyanov is known for having contributed to a number of destabilization operations in Europe as head of a military intelligence unit.

At the end of July, during a meeting with a Malian delegation at a Russia-Africa summit in St. Petersburg, he appeared alongside Russian ministers and the heads of conglomerates surrounding Putin.

‘https://www.lemonde.fr/en/international/article/2023/08/30/andrei-averyanov-the-russian-general-closely-watched-by-western-intelligence_6116106_4.html

ResearcherZero • April 3, 2024 10:51 PM

@echo

If you ever have the unfortunate experience of having to deal with such problems you will find it does not matter which party is sitting in power, the response remains identical.

It’s more than a little frustrating when you are warning senior members of government and senior members of state police forces that someone is at imminent risk of murder, and all you get in return is a grimacing, sad looking expression and a complete lack of response.

–

@The approaching future

What is publicly disclosed and not publicly disclosed are two very different things.

Clearly you have little experience, and zero military or intelligence experience to base your assumptions on. London is one of the most heavily surveilled cities in the world.

–

Microsoft still unable to discern how 2016 MSA signing key got ganked.

‘https://arstechnica.com/information-technology/2024/04/microsoft-blamed-for-a-cascade-of-security-failures-in-exchange-breach-report/

‘https://www.cisa.gov/sites/default/files/2024-04/CSRB_Review_of_the_Summer_2023_MEO_Intrusion_Final_508c.pdf

back in 2010…

The IE (CVE-2010-0249) vulnerability allowed remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory.

“The vulnerability was reported to Microsoft last August by Meron Sellen from BugSec, an Israeli security research company.”

An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.

‘https://www.zdnet.com/article/microsoft-knew-of-ie-zero-day-flaw-since-last-september/

“Once the malware is downloaded and installed, it opens a back door that allows the attacker to perform reconnaissance and gain complete control over the compromised system. The attacker can now identify high value targets and start to siphon off valuable data from the company.”

https://web.archive.org/web/20120911141122/http://blogs.mcafee.com/corporate/cto/operation-aurora-hit-google-others

The targets received an e-mail or instant message that appeared to come from someone they knew and trusted.

“[The SCMs] were wide open,” says Dmitri Alperovitch, McAfee’s vice president for threat research. “No one ever thought about securing them, yet these were the crown jewels of most of these companies in many ways — much more valuable than any financial or personally identifiable data that they may have and spend so much time and effort protecting.”

‘https://www.wired.com/2010/03/source-code-hacks/

APT17’s members are allegedly operating as contractors for the Jinan bureau of the Chinese Ministry of State Security (MSS)

‘https://www.zdnet.com/article/apt-doxing-group-expose-apt17-as-jinan-bureau-of-chinas-security-ministry/

‘https://www.wired.com/images_blogs/threatlevel/2010/03/operationaurora_wp_0310_fnl.pdf

–

‘https://www.malwarebytes.com/blog/news/2024/04/google-patches-critical-vulnerability-for-androids-with-qualcomm-chips

Forensic companies are rebooting devices in ‘After First Unlock’ state into fastboot mode on Pixels and other devices to exploit vulnerabilities there and then dump memory. Google implemented a fix by zeroing the memory when booting fastboot mode, and only enabling USB connectivity after the zeroing process is completed, rendering the attacks impractical.

‘https://source.android.com/docs/security/overview/acknowledgements

‘https://source.android.com/docs/security/bulletin/2024-04-01

ResearcherZero • April 3, 2024 11:37 PM

“One of the things that dissuaded us of that was the fact that children were getting… bloody noses [and] bleeding from the ear. There were seizures happening in children. And then pets reacting to noises or pressures that people were feeling at the same time.”

A $1 million medical bill is quite a high expense to cop. Especially doing your job. Many top counter-intelligence agents working on issues dealing with Russia have been targeted.

Many of these articles report “no smoking gun”, but they do not have access to classified intelligence. Disclosing information may risk sources/victims/methods. But politicians are often reluctant to disclose information through fear of “creating public panic”.

We also do not want agitate the public and create unneeded animosity towards Russia.

This is not an excuse however to ignore the plight of those dealing with the problem.

‘https://www.cbsnews.com/news/5-year-havana-syndrome-investigation-finds-new-evidence-of-who-might-be-responsible-60-minutes/

“A senior defense official was hit with Havana Syndrome symptoms as recently as July 2023, during a NATO summit in Lithuania focused on supporting Ukraine in its war against Russia.”

https://www.forbes.com/sites/antoniopequenoiv/2024/04/01/pentagon-confirms-defense-official-experienced-havana-syndrome-symptoms-at-2023-nato-summit/

ResearcherZero • April 4, 2024 5:27 AM

@echo

You would imagine they might pay a little attention to foreign agents popping bombs under cars and in hotel rooms, shooting people, importing container loads of weapons. I mean sure ignore the ordinary person getting whacked, but they did stick a car bomb under the former head of the Armed Robbery Division and the Minister of Police. I don’t imagine their families were too happy about them being blown to pieces on a suburban street.

They also stuck a bomb under a car in the CBD around lunch that had the potential to take out the lower floor of a hotel and wipe out a good 50 pedestrians passing by on the street.

I don’t expect them to care about the deaths of my friends and colleagues, but endangering the lives of large groups of innocent civilians is usually considered terrorism. When you do not attempt to prosecute such behaviour it signals a tolerance of unrestrained violence.

–

Prosecutor General Andriy Kostin said nearly 80,000 cases of war crimes have been registered in Ukraine since the war began in February 2022.

‘https://apnews.com/article/congress-ukraine-russia-war-crimes-torture-1015b6b6393489d088b0980225ff4509

“clearly excessive”

Proportionality matters:

The warrants also allege that the series of attacks on Ukraine’s electrical grid, taken together, constitute a crime against humanity, indicating that the prosecutor’s office is looking at the overall course of conduct in the war as well as the legality of individual incidents.

The crimes were repeated after Bucha, even after the events were widely covered in the media, making it impossible for Russian leaders to later claim they were unaware they were going on, Kostin says. “We see the elements of genocide in many crimes committed, and we see them as a pattern of conduct of Russia.”

‘https://www.nytimes.com/2024/03/08/world/europe/icc-arrest-warrants-russia-war-crimes.html

“I personally believe violence should be avoided,” he said. “I believe that we have more tools that we can use to restructure society politically and socially without resorting to violence. We have seen the damage that violence does to our collective humanity and I think there better options,” said Gamawa.

https://hls.harvard.edu/today/honor-nelson-mandela-ever-violence-justifiable-struggles-political-social-change-video/

“Apartheid” refers to an institutionalized regime of systematic oppression and domination by one racial group over another.

‘https://www.amnesty.org/en/latest/education/2024/03/understanding-the-long-roots-of-violence-in-the-occupied-palestinian-territories-and-israel/

ResearcherZero • April 4, 2024 10:46 PM

“It is better to stop something bad from happening than it is to deal with it after it has happened,” -Generally attributed to the Dutch philosopher Desiderius Erasmus in around 1500, it’s not exactly a radical new concept.

“If some dispute arises between princes, why do they not take it to arbitration instead [of waging war],” Erasmus asks. “At the Nativity of Christ, the angels sang not the glories of war, nor a song of triumph, but a hymn of peace.”

‘https://plato.stanford.edu/entries/erasmus/

“My current task is more logical than your emotional turmoil,” said the Vulcan.

“Just pass me the med-kit,” quipped the bleeding bomb disposal expert in response. “And be quick about it, or we will both go up together while arguing how best to disable the bomb.”

ResearcherZero • April 5, 2024 2:23 AM

I love the FT and it’s massive paywall, sounds more lurid than I expected.

“The suspects transferred the funds to their bank accounts in Austria, Romania and Slovakia as soon as they received the advance payments,” the EPPO said.

An accountant suspected of involvement in the complex fraud had also been barred from practising. Over 100 suspicious financial transactions had been investigated.

…

European police seize Lamborghinis and Rolexes over alleged $650M Covid-19 fraud.

‘https://edition.cnn.com/2024/04/04/europe/eu-police-covid-fraud-italy-rolex-lamborghini-intl/index.html

“allegedly used false corporate balance sheets as they applied for non-repayable grants to support fictitious small and medium-size companies expanding to foreign markets”

https://abcnews.go.com/International/wireStory/police-arrest-22-eu-raids-linked-suspected-theft-108846909

ResearcherZero • April 5, 2024 3:50 AM

I had to chase my father in two inches of water across a paddock and rescue him, and some friends who were almost washed from a spillway almost into rock laden river whirlpools.

Two inches of fast moving water are pretty dangerous. Pulled a few folks out from river crossings. Their new 4WD’s did not fair as well as they did.

Pulled out a few dead floaters, some intact. One had been there too long, perhaps weeks.

–

CVE-2023-46805 and CVE-2024-21887 (authentication bypass and command injection)

A web shell written in Perl embedded into a legitimate Connect Secure .ttc (setcookie)

“China-nexus threat actors aggressively utilizing zero-day and N-day vulnerabilities to enable their operations and target organizations across the globe.”

‘https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement

readme

‘https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways