Arrigo Triulzi
IT Security, cynically aged. Maths. Some nukes. Longing for Symbolics and Connection Machines. Keeper of Ancient Computing Lore. Wassenaar intangible Ⓐ
Dec 16, 2021 9 tweets 2 min read
There are several truly beautiful aspects to the NSO zero-click sploit for iMessage¹: the first one to come to my mind is the departure from the dependency upon a specific OS version…
__
¹ googleprojectzero.blogspot.com/2021/12/a-deep… (wonderfully written, btw, thank you Ian Greer & Samuel Groß)

… by targeting a specific vulnerability and then providing yourself the "sploit VM" to run your code avoids the use of ROP and the search for gadgets which might break with an OS upgrade.

The last time I was awed by a trick like this was back when CORE Impact shipped their…
Apr 17, 2020 6 tweets 2 min read
What happens when a superpower risks losing its hegemony over the world because of its reaction to a virus? Well, the book says "rewrite the truth" and off you go! Crucial to rewriting the truth properly is to seed your alternative truth while undermining any support for the … inconvenient truth. For a virus you need to pivot the attention to a new theory as to its origins with a high enough official to make it sound like "you know something" but it is so secret you cannot fully reveal it. Enter Pompeo stage right who mentions the "possibility" of …
Feb 13, 2020 8 tweets 2 min read
A thread on French "Théâtre de la sécurité" based on Macron's visit to my patch of land.

Turns out today was not the day to collect someone in St. Gervais-les-Bains 'cos M. Le Président also decided to drop by.

The first signs were the Swiss police setting up roadblocks... where they were stopping all drivers guilty of "Driving while French" (perfectly reasonable) and, being pragmatic, took the opportunity to check them all for the motorway tax sticker which, despite being dirt cheap at CHF 40/yr, is worthy of evasion by drivers who pay €5/day...
Nov 13, 2019 13 tweets 5 min read
Congratulations Intel: a whole blog post about tons of issues¹ and the link to the "including CVE-2019-0169 which has a CVSS score of 9.6 (critical)" sends you to the home page. Still reserved at MITRE² (created Nov 2018!!).
_
¹ blogs.intel.com/technology/201…
² cve.mitre.org/cgi-bin/cvenam…

As the only "up to 9.6" vulnerability the candidate is SA-00241¹ which is a collection of RCEs and others related to remote management (ME, AMT, CSME, DAL).
_
¹ intel.com/content/www/us…
Oct 6, 2019 10 tweets 2 min read
A thread on the long lost art of QA.

It is clearly no longer fashionable to talk about Quality Assurance (QA) or "testing", to use what is now considered a rude word.

We have had an inordinate number of examples very recently, from iOS 13 to Signal, all of which beg the … question: why?

For the single reason that I wanted to "see dark mode" I joined the iOS 13 beta. A long long time ago a "beta" followed an "alpha" which was normally run internally and ironed out showstoppers and the most obvious bugs. Beta was reserved for refining issues…
Feb 2, 2019 14 tweets 4 min read
The INF treaty in a few tweets, or “why leaving it is not a good idea”:

The 1987 INF (“Intermediate Nuclear Forces”) treaty¹ is a treaty governing intermediate-range nuclear weapons. In short, nuclear warheads on missiles with a…
__
¹ state.gov/t/avc/trty/102…

… flight range between that of ICBMs and short-range battlefield missiles.

The peculiarity of these missiles is that their flight time would be so short as to make the reaction time so brief that it would force the preemptive launch of “everything” according to the horrible…
Jan 15, 2019 101 tweets 33 min read
Am about to drop the backlog of arXiv & IACR papers for the past few weeks. If you are not interested mute this thread now :)

T. Xie et al. “The Untold Secrets of Operational Wi-Fi Calling Services: Vulnerabilities, Attacks, and Countermeasures” […study of exploring security issues of operational Wi-Fi calling services in three major U.S. operators’…using commodity devices…]

arxiv.org/abs/1811.11274
Aug 8, 2018 7 tweets 2 min read
A book review tweetstorm: “The 2020 Commission Report on the North Korean Nuclear Attacks Against the United States” by @ArmsControlWonk

Long-awaited, I received it on my iBooks at 0117 on 7th August and, inevitably, started it there and then. By noon it was done incl. sleep… The “2020 Commission” is a book which can be read in many different ways: as a novel, taking the light road, as political satire, as a horror story for those with Cold War PTSD and also as a textbook on C4I and escalation/de-escalation theory.

After a few pages you are…
Jun 25, 2018 14 tweets 3 min read
A historical set of tweets. Not recommended for Fascists or apologists.

Someone I knew particularly well was a rich Milanese industrialist during the advent of Fascism in Italy. In his factory he observed that the Fascist unions rapidly gained support amongst those who… believed that working was beneath them and they should be paid to sit around all day. After the first round of bewilderment he saw this as a great opportunity, transferred them off the floor and into an “office job”. Productivity soared and, at the same time, the “office” was…
Mar 13, 2018 11 tweets 2 min read
First read of the AMDFLAWS whitepaper (no real technical details given) is: “over-hyped beyond belief”.

This is a whitepaper worthy of an ICO.

And yes, that is meant to be an insult. It begins with a statement which is clearly set up for financial readers as they quote the FTC and by page 2 it is a flurry of mediabites (“bad actors”, “espionage”, “disregard for fundamental security principles”).
Mar 8, 2018 6 tweets 2 min read
To honour the 8th of March I shall tell the story of a student of mine when I still taught for SANS.

I was teaching the “Hacker Techniques & Incident Handling” course in London and one of the attendees came from DEFRA (the Department of something something and Agriculture)… and was the only lady in a class of 50+.

After the first day she came up to me, terribly flustered, saying that she thought she had signed up to the wrong class because she was lost compared to her neighbours.

It took a lot of reassuring: the class was filled with überhaxxors…