lingo.lol is one of the many independent Mastodon servers you can use to participate in the fediverse.
A place for linguists, philologists, and other lovers of languages.

Server stats:

66
active users

#cryptoapi

0 posts0 participants0 posts today
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://cyberplace.social/@GossiTheDog" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>GossiTheDog</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> it merely prevents <a href="https://infosec.space/tags/Screenshots" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Screenshots</span></a> by claiming it's <a href="https://infosec.space/tags/DRM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DRM</span></a>'d content.</p><ul><li><p>It's a mere <em>ask</em> and <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> could specifically close that <a href="https://infosec.space/tags/API" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>API</span></a> and make it subject to contractual agreements (as they did with their <a href="https://infosec.space/tags/Antivirus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Antivirus</span></a> API calls to disable <a href="https://infosec.space/tags/WindowsDefender" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WindowsDefender</span></a>!) if they decide this is against their wishes.</p></li><li><p>It also doesn't prevent the <a href="https://infosec.space/tags/Keylogger" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Keylogger</span></a> nor works against the <a href="http://github.com/kkarhan/windows-ca-backdoor-fix" rel="nofollow noopener" target="_blank">known</a> <a href="https://infosec.space/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CryptoAPI</span></a> <a href="https://infosec.space/tags/backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>backdoor</span></a> affecting all <a href="https://infosec.space/tags/Browsers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Browsers</span></a> (except <a href="https://infosec.space/tags/Firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Firefox</span></a> and <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/TorBrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TorBrowser</span></a>) which can be triggered by a single <a href="https://infosec.space/tags/HTTPS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HTTPS</span></a> request.</p></li></ul><p>The correct solution for <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> would be to alert all their users and specifically <a href="https://infosec.space/tags/block" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>block</span></a> <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a> in general or at least <a href="https://infosec.space/tags/Windows11" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows11</span></a> simply because it is a <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Govware</span></a> and <em>empirically cannot be made private or secure</em>.</p><ul><li>But that would require them to actually give a shit!</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://awscommunity.social/@Quinnypig" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Quinnypig</span></a></span> the sheer fact that <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> and <a href="https://infosec.space/tags/Windows11" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows11</span></a> ain't banned across the <a href="https://infosec.space/tags/EU" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EU</span></a> to this day is an indictment to the <a href="https://infosec.space/tags/TechIlliteracy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechIlliteracy</span></a> of politicans in the <span class="h-card" translate="no"><a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>EUCommission</span></a></span> &amp; <span class="h-card" translate="no"><a href="https://respublicae.eu/@europarl_en" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>europarl_en</span></a></span> despite</p><ul><li><a href="https://infosec.space/tags/PRISM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PRISM</span></a></li><li><a href="https://infosec.space/tags/GoldenKeyBoot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GoldenKeyBoot</span></a> (aka. <a href="https://infosec.space/tags/CensorBoot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CensorBoot</span></a> got owned!)</li><li><a href="https://infosec.space/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CryptoAPI</span></a> <a href="https://infosec.space/tags/backdoors" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>backdoors</span></a> <a href="https://github.com/kkarhan/windows-ca-backdoor-fix" rel="nofollow noopener" target="_blank">they refuse to acknowledge or fix at all</a>!</li><li><a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudAct</span></a></li><li>Unwillingness to comply with <a href="https://infosec.space/tags/GDPR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GDPR</span></a> out if the box</li></ul><p>and now</p><ul><li><a href="https://infosec.space/tags/Recall" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Recall</span></a> aka. the worst disguised <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Govware</span></a> / <a href="https://infosec.space/tags/Spyware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Spyware</span></a> in existance that allows anyone to <a href="https://github.com/xaitax/TotalRecall" rel="nofollow noopener" target="_blank">simply extract credentials</a> without the need to install a <a href="https://infosec.space/tags/Keylogger" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Keylogger</span></a>, <a href="https://infosec.space/tags/ScreenRecorder" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ScreenRecorder</span></a> and/or commit <a href="https://infosec.space/tags/ProvilegueEscalatiom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ProvilegueEscalatiom</span></a> successfully <em>at all</em>...</li></ul><p>And since <span class="h-card" translate="no"><a href="https://cyberplace.social/@GossiTheDog" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>GossiTheDog</span></a></span> managed to get it running on a system w/o <em>"<a href="https://infosec.space/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a>" acceleration</em> aka. <em>"<a href="https://infosec.space/tags/NPU" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NPU</span></a>"</em> it's safe to assume that it'll be perfectly possible to retroactively shove it down everyones' throats without recourse!</p><ul><li>Actually there are options for recourse besides <em>"<a href="https://infosec.space/tags/ThoughtsAndPrayers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThoughtsAndPrayers</span></a>"</em> that regulators like <span class="h-card" translate="no"><a href="https://social.bund.de/@bsi" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>bsi</span></a></span> would actually take this seriously: </li></ul><p>Like: <em>Stop using <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a> and <a href="https://www.youtube.com/watch?v=PkKfV0ATrH4" rel="nofollow noopener" target="_blank">get some help</a> migrating away from it to a good <a href="https://infosec.space/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> distro!</em></p><p><a href="https://infosec.space/tags/WhatYouAllowIsWhatWillContinue" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WhatYouAllowIsWhatWillContinue</span></a></p>
tricia, queen of house cyberly :verified_paw: :donor:<p>Alrighty nerds, strap in - got another <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> vulnerability write up, hot off the press!<br>&nbsp;<br>You may remember the vulnerability disclosed by the <a href="https://infosec.exchange/tags/NCSC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NCSC</span></a> and <a href="https://infosec.exchange/tags/NSA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NSA</span></a> to Microsoft about <a href="https://infosec.exchange/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CryptoAPI</span></a> (CVE-2022-34689) which can lead to masquerading as legitimate entities (such as google or Microsoft.)<br>&nbsp;<br>We analyzed and exploited it. Pretty neat. </p><p>in the PoC, you can see the source code for how it could be exploited in the wild using an old version of Chrome.<br>&nbsp;<br>Link to write-up: <a href="https://www.akamai.com/blog/security-research/exploiting-critical-spoofing-vulnerability-microsoft-cryptoapi" rel="nofollow noopener" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">akamai.com/blog/security-resea</span><span class="invisible">rch/exploiting-critical-spoofing-vulnerability-microsoft-cryptoapi</span></a></p><p>Link to github repo: <a href="https://github.com/akamai/akamai-security-research/tree/main/PoCs/CVE-2022-34689" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/akamai/akamai-secur</span><span class="invisible">ity-research/tree/main/PoCs/CVE-2022-34689</span></a></p><p>Awesome work Tomer and <span class="h-card"><a href="https://infosec.exchange/@yoni" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>yoni</span></a></span> !!!</p><p><a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://infosec.exchange/tags/Research" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Research</span></a> <a href="https://infosec.exchange/tags/SecurityResearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityResearch</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a></p>