Lately I've been watching a lot of online security talks - the new thing for conferences to do is publish them almost immediately, which is amazing.
So like, today I watched Chompie's talk: https://www.sstic.org/2023/presentation/deep_attack_surfaces_shallow_bugs/ (I was honestly hoping it went from RCE to logic bug and allowed you to log in, but maybe left as an exercise for the reader).
And yesterday I watched Natalie's talk: https://www.youtube.com/watch?v=quw8SnmMWg4&t=663s&ab_channel=Offens... (I'm still a bit confused as to how you connect to a phone's baseband with SIP, but maybe I will ask later at some point). Does the baseband just have some TCP ports open for RTC shenanigans? If so, that's great, #blessed, etc.
I actually forgot to post my own talk here, so if you want to watch that, it's here: https://www.youtube.com/watch?v=BarJCn4yChA&t=1669s&ab_channel=Offen...
My talk is not actually a call to hack enterprise products - which y'all are clearly already doing a lot of (I'm just assuming there are members of the FIN11 ransomware crew on this list somewhere). It's more about understanding which business models lead to easy bugs - enterprise software obviously being one of them, but, for example, DRM components are another one. There is an endless supply really.
Today I noticed Barracuda is saying that if your appliance gets hacked https://www.bleepingcomputer.com/news/security/barracuda-says-hacked-esg-appliances-must-be-replaced-immediately/, you should replace it immediately. It is now trash, or "e-waste" if you prefer. This is a surprisingly honest thing to say. Previously, appliance companies that got hacked said things like "Meh? Upgrade pls! Don't forget to change your passwords!" because, as we all know, the firmware https://arstechnica.com/information-technology/2023/03/malware-infecting-widely-used-security-appliance-survives-firmware-updates/ and boot partitions inside expensive security appliances are all protected by angry leprechauns, which is why it's still ok in 2023 to have Perl installed on them, even if you don't know what a ../.../ does in a tar file.
This honesty would be nice if it also applied to our government agencies - like instead of this very long report CISA https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-110a#:~:text=CISA%20recommends%20performing%20checks%20to,remediation%20has%20been%20taken%20place. put out about what to do if you think your Pulse Secure VPN was hacked, which recommends performing a factory reset, updating your appliance to the very latest version, and then calling your therapist to have a good cry about it, they should have instead said: "Yes, your appliance did at one point control authentication for everyone accessing your network, but because it had issues with gzip files and opening URIs, it is now e-waste."
Crap, I forgot to write about the graph disassembler I want and why. Tomorrow, for sure.
-dave
dailydave@lists.aitelfoundation.org