@jerry It largely depends on how well the initial impact is cleaned up. I'm hoping we won't see a ton of backdoors in various components next.
harrysintonen
The httpget 0.2 doesn't quite work in the form it was uploaded.
First it uses hardcoded argv, argc instead of getting from the app invocation (as args in main, the code uses void main).
Second obtaining any data from the socket will result in the app stopping and leaving behind an empty file (if (nread) break;).
This program could never download anything. It is likely some work in progress or modified test version of httpget. Since it includes some windows specific headers and has disabled the unix ones I can only presume it was some earlier attempt to get the tool running on windows.
So while the code has a local stack buffer overflow it can't be triggered for this early version.
If this trend continues, we will be losing the ability to use secure means of communication with UK friends and colleagues. For example, #signalapp will rather get out of the UK than add backdoors: https://www.bbc.com/news/technology-64584001
Nordnet has a lot of technical issues to sort out. If the malfunction allowed unauthorized parties to operate the accounts it will be quite messy to sort out.
Among with technical part, they will have to deal with the regulatory issues, in particular the Financial Supervisory Authority. They will demand answers.
@SatyrSack@feddit.org Curl will likely address this eventually even though they don't consider it a vulnerability. See https://github.com/curl/curl/issues/16197
The details of the #AMD Microcode Signature Verification #Vulnerability are out:
- https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3019.html
- https://github.com/google/security-research/security/advisories/GHSA-4xq7-4mgh-gp6w
#infosec #infosecurity #cybersecurity
So what could you do if the microcode signature verification can be bypassed? While not directly applicable, this #defcon presentation "DEF CON 31 - Backdoor in the Core - Altering Intel x86 Instruction Set at Runtime - Krog, Skovsende" gives some ideas: https://www.youtube.com/watch?v=Zda7yMbbW7s
@phf@mastodon.de Their servers have been quite fragile today. It's coming and going.