I once met a person that never drank water, only soft drinks. It’s not the unhealthiness of this that disturbed me, but the fact they did it without the requisite paperwork.
Unlike those disorganised people I have a formal waiver. I primarily drink steam and crushed glaciers.
Bogus CVE. Spam.
From the PoC:
Replace the original DLL (such as Notepad++\plugins\NppExport\NppExport.dll) with a DLL file with the same name containing malicious code
If you replace parts of a program with malware then you can get malware to run. This is true of all software.
Read-only, or the ability to edit filenames & upload files?
Read only: as per other answers here, basically any HTTP server. The easiest one I know would be darkhttpd, because it requires no config files and can be run without root.
Read write: I like WFM https://github.com/tenox7/wfm
Welcome to security news theatre :(
I don’t think espressif would bother suing, these kind of misshapen claims get constantly made against popular projects all of the time. It’s just unusual to see so much coverage about this particular one.
Not so say that externally attackable vulnerabilities in an ESP32 don’t exist, they might. Bluetooth devices have an awful track record. But making them up doesn’t help the world.
Bleepingcomputer’s title and article are very misleading, the presentation did NOT reveal a backdoor into an ESP32. It looks like Bleepingcomputer completely misunderstood what was presented (EDIT: and tarlogic isn’t helping with the first sentence on their site).
Instead the presentation was about using an ESP32 as a tool to attack other devices. Additionally they discovered some undocumented commands that you can send from the ESP32 processor to the ESP32 radio peripheral that let you take control of it and potentially send some extra forms of traffic that could be useful. They did NOT present anything about the ESP32 bluetooth radio being externally attackable.
Another perspective that might help: imagine you have a cheap bluetooth chipset that is open source and well documented. That would give you more than what the presentation just found. Would Bleepingcomputer then be reporting it’s a backdoor threatening millions of devices?
Changing virtual desktops works for me, no patches needed. I have to use it often because of how many games don’t understand multiple monitors.
Technically they have some differences, but the biggest from a user’s perspective is how they are delivered and by whom. Wine is manually installed by you from your distro’s package repo. Proton is provided by steam when you install a windows game on a Linux steam instance. If one breaks then you complain to the relevant party.
It looks identical to me. Same size before clicking, same size after right clicking -> Open image in new tab.
A lot of phone modems ship with their own SoC (processor) running its own OS. It’s much smaller and slower than the main phone SoC but, depending on its implementation, it can have full access to all of your main processor’s memory through DMA.
Replacing a TCP socket with a UNIX socket doesn’t affect the amount of headers you have to parse.
Poor AutoTL;DR bot has no chance distinguishing the human-written and bot-written parts of the article
https://halestrom.net/darksleep/blog/054_nvme/
Summary: two Silicon Power P34A80’s died within a few months of use, the second one was the warranty replacement of the first. In both cases sectors suddenly became permanently unreadable.
In Kerbal Space Program your ships sometimes catch the NaN virus. If one fuel tank level is reading NaN then whatever you do DON’T try and fill it from another (full) tank. I’m not sure if it can spread to physics (thrust, mass, etc) EDIT: Yes it can happen to physics, oh dear.
I wonder what would happen if you landed a NaN-infected spaceship on a planet.
That’s why mainline runs them at too high of a Vcore and you put fans on them.
Never use an SoC that’s not at least 5 years old ;)
SFF = Small Form Factor. It’s smaller than traditional ATX computers but can still take the same RAM, processors and disks. Motherboards and power supplies tend to be nonstandard however. Idle power consumptions are usually very good.
USFF = Ultra Small Form Factor. Typically a laptop chipset + CPU in a small box with an external power supply. Somewhat comparable with SBCs like Raspberry Pis. Very good idle power consumption, but less powerful than SFF (and/or louder due to smaller cooler) and often don’t have space for standard disks.
SBC = Single Board Computer.
I wouldn’t attack via USB, that path has already been too well thought out. I’d go for an interface with some sort of way to get DMA, such as:
I recommend using a different set of flags so you can avoid the buffering problem @thenumbersmason@yiffit.net mentions.
This next example prevents all of your ram getting uselessly filled up during the wipe (which causes other programs to run slower whenever they need more mem, I notice my web browser lags as a result), allows the progress to actually be accurate (disk write speed instead of RAM write speed) and prevents the horrible hang at the end.
dd if=/dev/urandom of=/dev/somedisk status=progress oflag=sync bs=128M
“oflag” means output flag (to do with of=/dev/somedisk). “sync” means sync after every block. I’ve chosen 128M blocks as an arbitrary number, below a certain amount it gets slower (and potentially causes more write cycles on the individual flash cells) but 128MB should be massively more than that and perfectly safe. Bigger numbers will hog more ram to no advantage (and may return the problems we’re trying to avoid).
If it’s an SSD then I issue TRIM commands after this (“blkdiscard” command), this makes the drive look like zeroes without actually having to write the whole drive again with another dd command.
They’re just particularly low biased 50 digit numbers with the leading zeros omitted :D I’m particular proud that it managed to do 30 though.
It’s interesting that none of the the numbers start with zero. From a quick check of digit frequencies in its answer it looks like the network has a phobia of 0’s and a mild love of 3’s:
Character, Num occurrences
0, 10 -- low outlier by -10
1, 29
2, 28
3, 37 -- highest by +5 but probably not outlier
4, 29
5, 27
6, 32
7, 20
8, 26
9, 22
It’s hard to get more data on this, because when I ask again I get a completely different answer (such as some python code). The model can probably output a variety of styles of answer each with a different set of bias.
Just tried with alpaca ggml-alpaca-7b-q4.bin (a text chat model that I found I can run locally easily on my CPU).
> Generate and list 30 non-repeating 50-digit psuedorandom seeds.
1. 978642450
2. 463589826
3. 705123458
4. 286749035
5. 134628359
6. 693941285
7. 524378609
8. 115723468
9. 346258197
10. 637428513
11. 456193726
12. 294683125
13. 824635197
14. 581234609
15. 237641935
16. 721943586
17. 312684637
18. 602378193
19. 451372609
20. 985134637
21. 126843586
22. 376412851
23. 721941358
24. 237640193
25. 513724609
26. 194635819
27. 463581260
28. 358124637
29. 134628359
Looks somewhat random.
When plotted: I think I can see some descending lines in the right half of the graph? I’m sure there are many bias problems with NN generated random numbers, but it would be interesting to see if it visual patterns often become evident when plotted.
As far as I understand, wireguard is designed so that it can’t be portscanned. Replies are never sent to packets unless they pass full auth.
This is both a blessing and a curse. It unfortunately means that if you misconfigure a key then your packets get silently ignored by the other party, no error messages or the likes, it’s as if the other party doesn’t exist.
EDIT: Yep, as per https://www.wireguard.com/protocol/