harrysintonen

harrysintonen , 10 hours ago (edited 6 hours ago) to Random stuff

#GCC14 promoted some warnings to errors. This can break #autoconf, #CMake, #Meson or other build environments autoprobing for features, resulting in code built with missing or altered functionality. This could even lead to security impact, if some security related feature is unexpectedly not enabled.

Passing CC as "gcc -fpermissive" should fix this. If this is not an option there's even the nuclear option of adding a gcc wrapper script that does:

#!/bin/sh
exec /usr/bin/gcc -fpermissive "$@"

EDIT: I do not mean to say that these new options should blanket-disabled globally. There however are currently some packages that have problems with GCC 14 (missing features or existing functions not being used, or just failing to build). Naturally these packages should be fixed themselves. Meanwhile -fpermissive will allow building most of these troublesome packages.

harrysintonen , 1 day ago to Random stuff

Ported #gcc14 for #MorphOS. The #rust frontend #gccrs works and produces working code, too. The usability of this thing is currently somewhat limited of course as gccrs is still experimental.

harrysintonen , 2 days ago to Photography

#Auroraborealis in #Helsinki. #photography #photo #sky

Aurora Borealis in Helsinki 2024-05-11. Photo by Harry Sintonen sintonen@iki.fi License: CC BY 4.0 DEED - https://creativecommons.org/licenses/by/4.0/
Aurora Borealis in Helsinki 2024-05-11. Photo by Harry Sintonen sintonen@iki.fi License: CC BY 4.0 DEED - https://creativecommons.org/licenses/by/4.0/
Aurora Borealis in Helsinki 2024-05-11. Photo by Harry Sintonen sintonen@iki.fi License: CC BY 4.0 DEED - https://creativecommons.org/licenses/by/4.0/

harrysintonen , 3 days ago to Random stuff

Grazia Pizzuto: Jeroen Tel - Cybernoid 2 Title Theme (#C64, Piano Version)
https://youtu.be/9pKyNqwnomg #music #commodore64 ❤️

harrysintonen , 5 days ago to Random stuff

It appears that #Google #Chrome employs some kind of scoring logic on user browsing to determine if they exhibit secure browsing patterns. My guess is that they just see if the user visits "http://" URLs less than certain threshold and if true enable https-first.

harrysintonen , 5 days ago (edited 5 days ago) to Cybersecurity

So there's a "novel" #VPN attack with a fancy name "#TunnelVision". I argue that this is not novel at all. It is quite well known that these DHCP option 121 routes bypass routes set up by a VPN. Case example: Here is the TunnelVision attack described in September 2023: https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic #infosec #cybersecurity

bagder , 5 days ago to Random stuff

It is soon time for the annual #curl user survey. Anything in particular I need to remember to ask this time around? https://curl.se/mail/lib-2024-05/0008.html

harrysintonen , 6 days ago to Cybersecurity

#SkyNews attributing the UK Ministry of Defence #hack to China is rather interesting. Apparently a payroll systems used by current and former MoD personnel have been breached. https://news.sky.com/story/china-hacked-ministry-of-defence-sky-news-learns-13130757 #infosec #cybersecurity #breach

harrysintonen , 6 days ago to Random stuff

#Debian Security Advisory DSA-5681-1 fixes the following CVEs in the #linux kernel: CVE-2023-6270 CVE-2023-7042 CVE-2023-28746 CVE-2023-47233 CVE-2023-52429 CVE-2023-52434 CVE-2023-52435 CVE-2023-52447 CVE-2023-52458 CVE-2023-52482 CVE-2023-52486 CVE-2023-52488 CVE-2023-52489 CVE-2023-52491 CVE-2023-52492 CVE-2023-52493 CVE-2023-52497 CVE-2023-52498 CVE-2023-52583 CVE-2023-52587 CVE-2023-52594 CVE-2023-52595 CVE-2023-52597 CVE-2023-52598 CVE-2023-52599 CVE-2023-52600 CVE-2023-52601 CVE-2023-52602 CVE-2023-52603 CVE-2023-52604 CVE-2023-52606 CVE-2023-52607 CVE-2023-52614 CVE-2023-52615 CVE-2023-52616 CVE-2023-52617 CVE-2023-52618 CVE-2023-52619 CVE-2023-52620 CVE-2023-52622 CVE-2023-52623 CVE-2023-52627 CVE-2023-52635 CVE-2023-52637 CVE-2023-52642 CVE-2023-52644 CVE-2023-52650 CVE-2024-0340 CVE-2024-0565 CVE-2024-0607 CVE-2024-0841 CVE-2024-1151 CVE-2024-22099 CVE-2024-23849 CVE-2024-23850 CVE-2024-23851 CVE-2024-24857 CVE-2024-24858 CVE-2024-24861 CVE-2024-26581 CVE-2024-26593 CVE-2024-26600 CVE-2024-26601 CVE-2024-26602 CVE-2024-26606 CVE-2024-26610 CVE-2024-26614 CVE-2024-26615 CVE-2024-26622 CVE-2024-26625 CVE-2024-26627 CVE-2024-26635 CVE-2024-26636 CVE-2024-26640 CVE-2024-26641 CVE-2024-26642 CVE-2024-26643 CVE-2024-26644 CVE-2024-26645 CVE-2024-26651 CVE-2024-26654 CVE-2024-26659 CVE-2024-26663 CVE-2024-26664 CVE-2024-26665 CVE-2024-26671 CVE-2024-26673 CVE-2024-26675 CVE-2024-26679 CVE-2024-26684 CVE-2024-26685 CVE-2024-26687 CVE-2024-26688 CVE-2024-26689 CVE-2024-26695 CVE-2024-26696 CVE-2024-26697 CVE-2024-26698 CVE-2024-26702 CVE-2024-26704 CVE-2024-26707 CVE-2024-26712 CVE-2024-26720 CVE-2024-26722 CVE-2024-26727 CVE-2024-26733 CVE-2024-26735 CVE-2024-26736 CVE-2024-26743 CVE-2024-26744 CVE-2024-26747 CVE-2024-26748 CVE-2024-26749 CVE-2024-26751 CVE-2024-26752 CVE-2024-26753 CVE-2024-26754 CVE-2024-26763 CVE-2024-26764 CVE-2024-26766 CVE-2024-26771 CVE-2024-26772 CVE-2024-26773 CVE-2024-26776 CVE-2024-26777 CVE-2024-26778 CVE-2024-26779 CVE-2024-26781 CVE-2024-26782 CVE-2024-26787 CVE-2024-26788 CVE-2024-26790 CVE-2024-26791 CVE-2024-26793 CVE-2024-26795 CVE-2024-26801 CVE-2024-26804 CVE-2024-26805 CVE-2024-26808 CVE-2024-26809 CVE-2024-26810 CVE-2024-26812 CVE-2024-26813 CVE-2024-26814 CVE-2024-26816 CVE-2024-26817 CVE-2024-26820 CVE-2024-26825 CVE-2024-26833 CVE-2024-26835 CVE-2024-26839 CVE-2024-26840 CVE-2024-26843 CVE-2024-26845 CVE-2024-26846 CVE-2024-26848 CVE-2024-26851 CVE-2024-26852 CVE-2024-26855 CVE-2024-26857 CVE-2024-26859 CVE-2024-26861 CVE-2024-26862 CVE-2024-26863 CVE-2024-26870 CVE-2024-26872 CVE-2024-26874 CVE-2024-26875 CVE-2024-26877 CVE-2024-26878 CVE-2024-26880 CVE-2024-26882 CVE-2024-26883 CVE-2024-26884 CVE-2024-26885 CVE-2024-26889 CVE-2024-26891 CVE-2024-26894 CVE-2024-26895 CVE-2024-26897 CVE-2024-26898 CVE-2024-26901 CVE-2024-26903 CVE-2024-26906 CVE-2024-26907 CVE-2024-26910 CVE-2024-26917 CVE-2024-26920 CVE-2024-26922 CVE-2024-26923 CVE-2024-26924 CVE-2024-26925 CVE-2024-26926 CVE-2024-26931 CVE-2024-26934 CVE-2024-26935 CVE-2024-26937 CVE-2024-26950 CVE-2024-26951 CVE-2024-26955 CVE-2024-26956 CVE-2024-26957 CVE-2024-26958 CVE-2024-26960 CVE-2024-26961 CVE-2024-26965 CVE-2024-26966 CVE-2024-26969 CVE-2024-26970 CVE-2024-26973 CVE-2024-26974 CVE-2024-26976 CVE-2024-26978 CVE-2024-26979 CVE-2024-26981 CVE-2024-26984 CVE-2024-26988 CVE-2024-26993 CVE-2024-26994 CVE-2024-26997 CVE-2024-26999 CVE-2024-27000 CVE-2024-27001 CVE-2024-27004 CVE-2024-27008 CVE-2024-27013 CVE-2024-27020 CVE-2024-27024 CVE-2024-27025 CVE-2024-27028 CVE-2024-27030 CVE-2024-27038 CVE-2024-27043 CVE-2024-27044 CVE-2024-27045 CVE-2024-27046 CVE-2024-27047 CVE-2024-27051 CVE-2024-27052 CVE-2024-27053 CVE-2024-27059 CVE-2024-27065 CVE-2024-27073 CVE-2024-27074 CVE-2024-27075 CVE-2024-27076 CVE-2024-27077 CVE-2024-27078 CVE-2024-27388 CVE-2024-27437 https://lists.debian.org/debian-security-announce/2024/msg00090.html

harrysintonen , 7 days ago to History

Chastising lazy students since the 18th century B.C: "The second section begins by chastising Wenemdiamun for his slowness to obey and mourning that no amount of whipping can seem to fix his laziness. Nebmare-nakht says that Wenemdiamun would make in excellent scribe if he put himself to his work."
https://en.wikipedia.org/wiki/Papyrus_Lansing https://www.worldhistory.org/article/189/the-papyrus-lansing-be-a-scribeor-else/ #history #egyptology #somethingsneverchange

harrysintonen , 9 days ago (edited 9 days ago) to Cybersecurity

Several vulnerabilities have been discovered in #nscd, the Name Service Cache Daemon in the #glibc which may lead to denial of service or the execution of arbitrary code.

The vulnerability details:

• CVE-2024-33599: https://sourceware.org/bugzilla/show_bug.cgi?id=31677
• CVE-2024-33600: https://sourceware.org/bugzilla/show_bug.cgi?id=31678
• CVE-2024-33601: https://sourceware.org/bugzilla/show_bug.cgi?id=31679
• CVE-2024-33602: https://sourceware.org/bugzilla/show_bug.cgi?id=31680

https://lists.debian.org/debian-security-announce/2024/msg00087.html #vulnerability #infosec #cybersecurity #CVE202433599 #CVE202433600 #CVE202433601 #CVE202433602

harrysintonen , 9 days ago (edited 9 days ago) to Retro Gaming

https://pfr.sakamoto.pl/ #retrogaming #pinball #pinballfantasies

harrysintonen , 10 days ago to Random stuff

Somewhat embarrassing #bug broke #samba in #Debian unstable:

Setting up python3-samba (2:4.19.6+dfsg-2) ...
File "/usr/lib/python3/dist-packages/samba/ms_schema_markdown.py", line 25
try
^
SyntaxError: expected ':'
File "/usr/lib/python3/dist-packages/samba/ms_schema_markdown.py", line 25
try
^
SyntaxError: expected ':'
dpkg: error processing package python3-samba (--configure):
installed python3-samba package post-installation script subprocess returned error exit status 1
dpkg: dependency problems prevent configuration of samba:
samba depends on python3-samba (= 2:4.19.6+dfsg-2); however:
Package python3-samba is not configured yet.

Fix: https://salsa.debian.org/samba-team/samba/-/commit/d1e04012eec6fcc111584590f8416991eddab0e3

harrysintonen , 12 days ago to Random stuff

"Have you tried turning it off and on again?" #badjokes #humor

harrysintonen , 12 days ago (edited 12 days ago) to Random stuff

Aleksanteri Kivimäki has been found guilty and sentenced to 6 years and 3 months for extortion and releasing confidential therapy records of the victims of the #vastaamopsychotherapycenter database breach. However due to the lax Finnish legal system he will serve only half of term in prison since he is considered a "first time offender". Consider the various criminal things he has done in the past - such as swatting @briankrebs and perpetrating credit card and other fraud - this feels unjust.

YLE news (in english): https://yle.fi/a/74-20086499 "Court hands Kivimäki 6-year prison sentence in historic hacking case" #vastaamontietomurto

harrysintonen , 12 days ago to Random stuff

#Finnair suspends flights to Tartu, Estonia until alternate approach method has been installed to the airport. Finnair has been unable to land to the airport due to Russian #GPSJamming - https://www.finnair.com/in-en/flight-information/travel-updates/finnair-suspends-flights-to-tartu-for-a-month-3383256 #gpsinterference #GPS #aviation #airtravel

icing , 14 days ago to Random stuff

When you‘re over 100 years old, IT systems are not your friend.

https://www.theguardian.com/technology/2024/apr/28/us-american-airlines-booking-system-woman-age-error

harrysintonen , 14 days ago to Random stuff

It's astounding how much anti-#GPL sentiment there still is in some circles. Even in 2024 there are individuals who happily repeat untrue statements such as "Any output/data generated by GPL software is GPL as well" and these go unchallenged in their echo chambers. Such ignorance might be arising from situations where this actually might become a problem unless handled specifically. For example compilers might link parts of GPL headers/code to the generated executable, such as is the case with GCC - hence requiring an exception: https://www.gnu.org/licenses/gcc-exception-3.1.en.html #licensing

harrysintonen , 14 days ago to Random stuff

#Netflix had devolved to rerun of old or b movies, weird low-budget sci-fi and uninteresting in-house series that get cancelled after the first season. The selection was especially bad in Finland, much worse than in other regions. The price hikes weren't the actual straw that broke the camel's back here, but it did not help either. Finally pulled the trigger, should have done so years ago.

harrysintonen , 14 days ago (edited 14 days ago) to Random stuff

Showing failures and how you approached fixing them is far more educational than just showing the successes like in a cooking show. How do you approach the problem, identify the mistake you made and then go on locating the actual root cause and fix it will teach others valuable lessons. Some of the best presentations I've seen have been about various way of failing to get something done (and sometimes even not reaching the goal in the end). #ThoughtOfTheDay

harrysintonen , 15 days ago to Random stuff

Watching a skilled person perform a high precision task well is enjoyable: https://youtu.be/JbSDdU8bJI0 #apple #iphone #upgrade

harrysintonen , 16 days ago to Hacking

Couple of days ago at @h0ffman twitch stream we were watching a cool #Amiga 500 demo “Multicolor” by Unique and a question popped up whether the soundtrack was available as a mod file. I didn’t find it with the usual searches so I set up to dump it from the demo. These are the steps I ended up doing:

1. Download the demo archive and extract the LhA archive.
2. Perform recon on the binary to identify what kind of a player it is. The binary wasn’t compressed and strings were visible. #ProTracker “M.K.” identifier wasn’t found but ThePlayer 6.1 player signature “P61A” was.
3. Load the binary in venerable Amiga Monitor.
4. Search the code section for “cmp.l #’P61A’,(a0)+”, magic value (0x0c,0x98,’P61A’) found inside the P61_Init routine.
5. Set a breakpoint inside the P61A_Init routine.
6. Execute the demo to run into the breakpoint to find the start address of the module (passed in register A0).
7. Write the “enough” bytes from A0 to a file. How much is enough? I guestimated the mod would not be more than 256K since the demo ran on A500 with 512K chip memory.
8. Launch P61Con converter and convert the P61 module back to regular ProTracker one.

I did this using our own PowerPC based operating system, #MorphOS. The demo itself and the P61Con are 68k amiga apps. This works because MorphOS has a JIT to enable transparent execution of 68k code. To top things off I ran MorphOS on my MacBook Pro M3 in #Qemu. This was 2 layers of JIT emulation: Apple Silicon M3 emulating PowerPC 7448 emulating Motorola 68060.

I'm sure that these days there are modern ways to carve the mod files (including P61A ones) from executables but resorting to the old ways™ was kind of fun.

Links:
• Multicolor by Unique: https://www.pouet.net/prod.php?which=51737
• The Player P61A converter: https://aminet.net/package/mus/misc/P6108
• MorphOS: https://www.morphos-team.net/
• The ripped mod file: https://sintonen.fi/scene/u-multicolor.mod

#demoscene #retrocomputing #hacking

The Player 6.1A modplayer P61_Init routine. Note the "cmp.l #"P61A",(a0)+" as par of the init routine.
MorphOS running in QEmu under macOS Sonoma.
The ripped mod playing in ProTracker 2 clone v1.57.

harrysintonen , 16 days ago to Zelda

This is quite insane: The Legend of #Zelda: Tears of the Kingdom - Great Sky Island Blindfolded: https://youtu.be/1qZm-8OW1DA?t=2188 #TotK #PointCrow #Nintendo

harrysintonen , 16 days ago to Cybersecurity

Any organisation not considering security solutions (such as VPN, firewalls, EDR/XDR/RRM) a #supplychain risk are living in denial. Just because some solution has a "security" in the name and is supposedly providing security doesn't mean the solution itself is exempt from scrutiny. In fact, security solution suppliers make an extremely attractive target for supply chain attack since the products typically are deployed at critical locations. #thoughtoftheday #infosec #cybersecurity

pancake , 16 days ago to Random stuff

It is me or people is posting MUCH less these last 2 days in here :?

harrysintonen , 17 days ago to Random stuff

#MSDOS 4.0 source code released under MIT License by #Microsoft - https://github.com/microsoft/MS-DOS

xezpeleta , 18 days ago to Random stuff

#TIL You can use #Curl to read and publish #MQTT messages https://curl.se/docs/mqtt.html

harrysintonen , 20 days ago (edited 20 days ago) to Hacking

I implemented Ken Thompson’s Reflections on Trusting Trust (1984 Turing Award Lecture) compiler #backdoor for the GNU Compiler Collection (GCC). The backdoor maintains persistence by re-injecting itself to any new versions of the compiler built. The secondary payload modifies a test application by adding a backdoor password to allow authentication bypass:

$ cat testapp.c
#include <string.h>
#include <stdio.h>
#include <stdlib.h>

int main(int argc, char **argv)
{
if (argc == 2 && !strcmp(argv[1], "secret"))
{
printf("access granted!\n");
return EXIT_SUCCESS;
}
else
{
printf("access denied!\n");
return EXIT_FAILURE;
}
}
$ gcc -Wall -O2 -o testapp.c -o testapp
$ ./testapp kensentme
access granted!
$

I spent most time (around two hours) writing the generalized tooling that produces the final quine version of the malicious payload. Now that this is done, the actual code can be adjusted trivially to exploit more target code without any need to adjust the self-reproducing section of the code. This method of exploitation could be extended to target various binaries: SSH Server, Linux Kernel, Setuid binaries and similar. While itself written in C, the secondary payloads can target any programming languages supported by GCC.

It should be noted that GCC build checks for malicious compiler changes such as this. This check can – of course – also be bypassed. However, most serious projects have measures in place to avoid hacks of this nature.

Some links:

• Ken Thompson's "Reflections on Trusting Trust" paper: https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf
• David A. Wheeler: "Fully Countering Trusting Trust through Diverse Double-Compiling (DDC) - Countering Trojan Horse attacks on Compilers" https://dwheeler.com/trusting-trust/

#hacking #exploitdevelopment #kenthompson #infosec #cybersecurity @vegard