Adam @adam@hax0rbana.social
Wireguard looks like an excellent target for vulnerability research
Let's look at the facts:
- **heavily** optimised for speed
- written in C
- used by high value targets
- it's in the kernel (so memory corruption could mean ring-0/supervisor access)
- At least the Windows version has a function to run arbitrary programs: https://github.com/WireGuard/wireguard-windows/blob/master/elevate/shellexecute.go#L27 (I didn't look for usages, might be dangerous-but-not-currently-vulnerable)
- The code I skimmed had no comments (like explaining why are IPCs needed?)
"I was so dang impressed, I had to write this song! Fish on." --Primus
Primus just reminded me of the word loquacious, something I am not, but it's a good word
Unauthenticated RCE as root in many Linux VMs running in Azure.
https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution
The moral of the story, know what is running on your machines! Preferably at install time, but if not then at least look at the running processes.
New dependencies getting pulled in with newer versions of software is a much harder problem. Routine searches for new running processes is the best practical solution I've seen. It's not great, but it's something you can implement now.
TIL: there is an Epik with a k and they are neither a healthcare software giant nor a video game producer.
My team is going to be dropping some 0-days on a SOHO router manufacturer on Sept 21. The vulnerability allows your ISP, or anyone else who can intercept traffic on the WAN side, to root your router.
11 models affected in total, some will be patched by the time we go public, some will not. The vendor already missed the original disclosure deadline, but we granted them an extension since they committed to getting the patches out if they just had a little more time.
Arby's ran out of roast beef. Turns out they have pretty good spicy chicken sandwiches
Finally a project that I can use that big transformer from the old microwave for: spot welding. https://m.youtube.com/watch?v=6w9dFNRtqlg
9/11 is a monumental moment in recent US history. It was when a small group of people changed the world.
It even prompted the legendary MC Lars and YTCracker to collaborate and do a song about it. Without further ado, here is a link to that song.
Profanity, infosec
To whomever it was that recommended I watch The Social Dilemma while it was free on YouTube this month, thank you. It got pretty interesting after the first half (which will probably also be true for other people on here, who like the ActivityPub/Mastodon version of social media).
@thegibson you know, a lot of our type of people (artists, hackers, engineers, makers) are unwilling to give up the big city life. Moving to a rural area would be a huge change, and while some may love it, many others would not.
However, I think many would be willing to visit a cooperatively run farm, mixed with high tech projects, weird art, etc.
Having a place where guests could stay, and bring their entire family, might be a way to find people compatible with this lifestyle.
Another warning to those who use protonmail: if you do crimes, expect protonmail to cooperate with any and all law enforcement.
This may also be true if you do NOT do any crimes (e.g., if you are accused of a crime, or may have been nearby when someone else got accused of a crime, etc.).
For the record, I don't want to be a part of a community who excludes the people who are typically excluded in society at large today. This includes my employer, social circles, etc.
There are people I do want to exclude, and it is based on their actions. These would be racists, bigots, and people who are just jerks in general.
People who value clean energy, self sufficiency, open source software, standing up for people who are not being treated fairly: you are my people. ❤
We also made sure that children were able to provide input to decisions. It turns out, people under 18 very well might think of things adults don't. They might have desires that adults did not know about.
Taking their perspective into account is the ethical thing to do, in our opinion. It also gets them used to the process, and if your process is actually serving the desires of everyone, they'll want to continue participating after they turn 18.
Making decisions as a group is hard. How long should things be debated? is it majority rules? Consensus? Can one person torpedo all decisions? Do we just put one person in charge and they collect the views of everyone?
When we were looking into this years ago for #Hax0rbana, we found Konsensieren and we really liked it. It encourages participation and that everyone's concerns are heard and addressed as best as possible.
Original: https://www.youtube.com/watch?v=nu1pfFfXWKs
English: https://www.youtube.com/watch?v=3wR5YXYECOE
Growing vegetables for one person reportedly only requires 25 sq ft. for a year-round supply
https://portablefarms.com/2019/feed-5-portable-farm/
