Lately I've been watching a lot of online security talks - the new thing
for conferences to do is publish them almost immediately, which is amazing.
So like, today I watched Chompie's talk:
https://www.sstic.org/2023/presentation/deep_attack_surfaces_shallow_bugs/
(I was honestly hoping it went from RCE to logic bug and allowed you to log
in, but maybe left as an exercise for the reader).
And yesterday I watched Natalie's talk:
https://www.youtube.com/watch?v=quw8SnmMWg4&t=663s&ab_channel=Offen…
(I'm still a bit confused as to how you connect to a phone's baseband with
SIP, but maybe I will ask later at some point). Does the baseband just have
some TCP ports open for RTC shenanigans? If so, that's great, #blessed, etc.
I actually forgot to post my own talk here, so if you want to watch that,
it's here:
https://www.youtube.com/watch?v=BarJCn4yChA&t=1669s&ab_channel=Offe…
My talk is not actually a call to hack enterprise products - which y'all
are clearly already doing a lot of (I'm just assuming there are members of
the FIN11 ransomware crew on this list somewhere). It's more about
understanding which business models lead to easy bugs - enterprise software
obviously being one of them, but, for example, DRM components are another
one. There is an endless supply really.
Today I noticed Barracuda is saying that if your appliance gets hacked
<https://www.bleepingcomputer.com/news/security/barracuda-says-hacked-esg-appliances-must-be-replaced-immediately/>,
you should replace it immediately. It is now trash, or "e-waste" if you
prefer. This is a surprisingly honest thing to say. Previously, appliance
companies that got hacked said things like "Meh? Upgrade pls! Don't forget to
change your passwords!" because as we all know, the firmware
<https://arstechnica.com/information-technology/2023/03/malware-infecting-widely-used-security-appliance-survives-firmware-updates/>
and
boot partitions inside expensive security appliances are all protected by
angry leprechauns, which is why it's still ok in 2023 to have Perl
installed on them, even if you don't know what a ../.../ does in a tar
file.
This honesty would be nice if it also applied to our government agencies -
like instead of this very long report CISA
<https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-110a#:~:text=CISA%20recommends%20performing%20checks%20to,remediation%20has%20been%20taken%20place.>
put out about what to do if you think your Pulse Secure VPN was hacked,
which recommends performing a factory reset, updating your appliance to the
very latest version, and then calling your therapist to have a good cry
about it, they should have instead said: "Yes, your appliance did at one
point control authentication for everyone accessing your network, but
because it had issues with gzip files and opening URIs, it is now e-waste."
Crap, I forgot to write about the graph disassembler I want and why.
Tomorrow, for sure.
-dave