Excellent #security research work and blog post by @quarkslab 🔥

#PixieFail: Nine #vulnerabilities in #Tianocore's EDK II #IPv6 network stack

https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html

Congrats to @4Dgifts who’s #stillhacking after so many years. Inspiring 🙏

This blog post provides details about nine vulnerabilities affecting the IPv6 network protocol stack of EDK II, TianoCore's open source reference implementation of UEFI.

Quarkslab's blog
@raptor @quarkslab @4Dgifts that vendor communication timeline, my god. Having to justify TCP seq numbers like it’s 1995, smdh. We offered our commiserations to @4Dgifts et al on this week’s @riskybusiness episode. Patience of a saint! 🤦‍♀️
@metlstorm @raptor @4Dgifts @riskybusiness 🙏​thank you
@raptor @4Dgifts @riskybusiness no, thank you @quarkslab, having to think about IPv6 that much already deserved a hug and a good cry, then having to deal with a vendor that’s all "WELL IF YOU’RE SO SMART WHY DON’T YOU FIX OUR SOFTWARE FOR US, NERDS" 🤦 I almost felt bad laughing out loud reading the timeline.
@metlstorm @quarkslab @4Dgifts @riskybusiness “Reiterated that the purpose of reporting the vulnerabilities was to help vendors identify and fix them, not to debate about the editorial policies for Quarkslab research work. Nonetheless it was willing to discuss that, as well as the quality and lack of technical information in the security advisories and bulletins published by vendors, at an appropriate venue or in a different context.” 💯