Forwarded from BlackBox (Security) Archiv
Huawei HKSP Introduces Trivially Exploitable Vulnerability
5/11/2020 Update: We were contacted this morning by Huawei PSIRT who referenced an email by the patch author to the KSPP list: https://www.openwall.com/lists/kernel-hardening/2020/05/10/3 and stated that "The patchset is not provided by Huawei official but an individual. And also not used in any Huawei devices." They asked if we would update the description of the article to correct this information.
Based on publicly-available information, we know the author of the patch is a Huawei employee, and despite attempts now to distance itself from the code after publication of this post, it still retains the Huawei naming. Further, on information from our sources, the employee is a Level 20 Principal Security staffer, the highest technical level within Huawei.
The Github repository mentioned in the article had a commit added to it this morning that inserted a notice to the top of the README file, distancing the code from Huawei. This commit was (intentionally or not) backdated to Friday when the repository was created, creating the impression that we somehow intentionally ignored pertinent information that was readily available. This is obviously untrue, and examining the contents of https://api.github.com/repos/cloudsec/hksp/events proves the commit was pushed to the repo this morning.
We replied to Huawei PSIRT's mail and mentioned that we'd be fine with mentioning the patches aren't shipping on any Huawei devices (I believed it already to be unlikely given the poor code quality), but regarding the other claim (particularly due to the surreptitious Github repo edit), we'd have to also include the additional information we discovered.
Read more:
https://grsecurity.net/huawei_hksp_introduces_trivially_exploitable_vulnerability
https://www.openwall.com/lists/kernel-hardening/2020/05/10/3
https://api.github.com/repos/cloudsec/hksp/events
#huawei #PSIRT #hksp #exploitable #kernel #hardening #vulnerability
@cRyPtHoN_INFOSEC_DE
@cRyPtHoN_INFOSEC_EN
@BlackBox_Archiv
Security things in Linux v5.8
https://outflux.net/blog/archives/2021/02/08/security-things-in-linux-v5-8/
#linux #security #kernel
Linux Kernel Security Done Right
https://security.googleblog.com/2021/08/linux-kernel-security-done-right.html
#Linux #Kernel #Security
Google Online Security Blog
Linux Kernel Security Done Right
Posted by Kees Cook, Software Engineer, Google Open Source Security Team To borrow from an excellent analogy between the modern computer ec...
0xor0ne@infosec.exchange - Nice three parts series on Linux kernel exploitation
Part 1: https://lkmidas.github.io/posts/20210123-linux-kernel-pwn-part-1/
Part 2: https://lkmidas.github.io/posts/20210128-linux-kernel-pwn-part-2/
Part 3: https://lkmidas.github.io/posts/20210205-linux-kernel-pwn-part-3/
#Linux #infosec #cybersecurity #kernel
0xor0ne@infosec.exchange - Great website if you need a quick reference to Linux kernel syscalls (numbers)
https://syscalls.mebeim.net
#Linux #kernel #programming
0xor0ne@infosec.exchange - Very cool series about persistence in Linux environments
Persistence map: https://pberba.github.io/assets/posts/common/20220201-linux-persistence.pdf
Auditd, Sysmon, Osquery: https://pberba.github.io/security/2021/11/22/linux-threat-hunting-for-persistence-sysmon-auditd-webshell/
Account Creation and Manipulation: https://pberba.github.io/security/2021/11/23/linux-threat-hunting-for-persistence-account-creation-manipulation/
Systemd, Timers, and Cron: https://pberba.github.io/security/2022/01/30/linux-threat-hunting-for-persistence-systemd-timers-cron/
Initialization Scripts and Shell Configuration: https://pberba.github.io/security/2022/02/06/linux-threat-hunting-for-persistence-initialization-scripts-and-shell-configuration/
Systemd Generators: https://pberba.github.io/security/2022/02/07/linux-threat-hunting-for-persistence-systemd-generators/
#Linux #kernel #malware #cybersecurity #infosec
#Linus #Torvalds censored any Russians from contributing to GPL #Linux #kernel
https://www.phoronix.com/forums/forum/phoronix/latest-phoronix-articles/1500602-linus-torvalds-comments-on-the-russian-linux-maintainers-being-delisted/
"I'm Finnish. Did you think I'd be *supporting* Russian aggression? Apparently it's not just lack of real news, it's lack of..." Linus
https://lore.kernel.org/all/CAHk-=whNGNVnYHHSXUAsWds_MoZ-iEgRMQMxZZ0z-jY4uHT+Gg@mail.gmail.com/
By the way, his father was a communist and even lived in Moscow for a while.
https://en.wikipedia.org/wiki/Nils_Torvalds#Education_and_experience
https://t.me/NoGoolag/34083
https://t.me/NoGoolag/5566
#npc #censorship
Phoronix Forums
Phoronix: Linus Torvalds Comments On The Russian Linux Maintainers Being Delisted
Following yesterday's news first featured on Phoronix of several Linux driver maintainers being de-listed from their maintainer positions within the mainline Linux kernel over…