Holograms in space.

10 minutes.

source: K

Earlier this year Google’s Threat Analysis Group (TAG) discovered a small collection of hacked websites. The hacked sites were being used in indiscriminate watering hole attacks against their visitors, using iPhone 0-day.

There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week.

TAG was able to collect five separate, complete and unique iPhone exploit chains, covering almost every version from iOS 10 through to the latest version of iOS 12. This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years.

I’ll investigate what I assess to be the root causes of the vulnerabilities and discuss some insights we can gain into Apple’s software development lifecycle. The root causes I highlight here are not novel and are often overlooked: we’ll see cases of code which seems to have never worked, code that likely skipped QA or likely had little testing or review before being shipped to users.

Wisdom of the crowds is never wrong.

source: L

Schools are weird. They get super-political about the strangest things, because kids tend to get hung up about stupid things and those stupid things tend to affect what happens in the classroom. And that leads to common things getting banned. One of those things was the Trapper Keeper—a brilliant tool built to organize students as they went about the myriad subjects in their day. It seems like a useful thing, but schools across the country banned the products at the height of their success, ensuring that they would eventually fade from view. (Try finding one in a store lately?) Today’s issue organizes every spare thought around the Trapper Keeper.

Is your parser still going to work?

Times 77.

Strings are hard!

I saw an ad for a tiny chip that provides 5 volts of isolated power: You feed 5 volts in one side, and get 5 volts out the other side. What makes this remarkable is that the two sides can have up to 5000 volts between them. This chip contains a DC-DC converter and a tiny isolation transformer so there’s no direct electrical connection from one side to the other. I was amazed that they could fit all this into a package smaller than your fingernail, so I decided to take a look inside.

Trying to write a ones complement checksum function. Unlike the classic x86, SSE has alignment restrictions and sometimes the compiler decides that’s what you get unexpectedly.

Neat little change to control latency.

source: Dfly

You can (but shouldn’t) change how people copy text from your website.

source: HN

The full Proceedings published by USENIX for the conference are available for download below. Individual papers can also be downloaded from the presentation page.

I used the private IP as the url for the Google Sites javascript external resource and waited for the moment of truth. The request took more than 30 seconds to complete and at that time I really thought the request was blocked and I almost closed the page since I never had any luck with SSRF on Google before. However, when Google Caja replied, I saw that the reply size wasn’t around 1 KB like for a typical error message but 1 MB instead! One million bytes of information coming from a 10.x.x.x IP from Google internal network, I can tell you I was excited at this point!

source: HN

Putting Windows Defender Antivirus in a restrictive process execution environment is a direct result of feedback that we received from the security industry and the research community.

One might say finally, but here it is.

The prefetch is that portion of a CPU that reads instructions from memory and presents those instructions to the rest of the CPU for execution. While today’s Wikipedia author’s argue that there’s a difference between an instruction fetch, which gets the next instruction from memory, and a prefetch, which fetches an instruction before it is needed, I’m going to equate the two terms under the single name prefetch for simplicity. The result of this abuse of terminology will be that I can describe all instruction fetch modules with the same term, but also that this subtle difference in meaning will be lost.

Terminology abuse aside, quite some detail here.

source: HN

Long, long ago there was an 8086...

(updated with latest issues)

10-15.

source: grugq

Mostly about threads and plagiarism, but also in conclusion:

Twitter is not a blog. It’s not meant to be a blog. This is a blog. Compare the thread that I wrote with what I transcribed to this blog post. Is there more information in the thread? Mm, maybe. There’s different information. But is the important information available here, edited for clarity, removing the random wandering thoughts and audience participation? Yes. Is this format better suited to a blog post? Yes. Is the twitter thread better suited to twitter? Absolutely.

I don’t like twitter threads, but like the multiple levels of bottom feeders even less.

source: HN

In this post, we shed some light on the process of weaponizing a vulnerability (CVE-2018-4192) in the Safari Web Browser to achieve arbitrary code execution from a single click of an unsuspecting victim. This is the most frequently discussed topic of the exploit development lifecycle, and the fourth post in our Pwn2Own 2018 series.

source: grugq

For a short film about another world, the landscape designer Bas Smets created a dark, scientifically accurate terrain.

A short list of black plants.

Who knows what’s really going on, but interesting idea.

source: MR

I worked on the Safeguard software from 1969 to 1975.

source: grugq