@Raqbit

51 Followers
250 Following
91 Posts
------------[ cut here ]------------
Pronounshe/him
Webhttps://raqb.it
Githubhttps://github.com/raqbit
RaqbitJul 29, 2024
abby 🐝Jul 29, 2024
RaqbitJul 25, 2024
Show threadDan GoodinJul 25, 2024

Story is now live:

https://arstechnica.com/security/2024/07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/

Secure Boot is completely broken on 200+ models from 5 big device makers

Keys were labeled "DO NOT TRUST." Nearly 500 device models use them anyway.

Ars Technica
RaqbitMay 28, 2024
Wandering StarMay 25, 2024
RaqbitApr 1, 2024
Thomas Roccia Mar 31, 2024

🤯 The level of sophistication of the XZ attack is very impressive! I tried to make sense of the analysis in a single page (which was quite complicated)!

I hope it helps to make sense of the information out there. Please treat the information "as is" while the analysis progresses! 🧐 #infosec #xz

RaqbitMar 30, 2024
Show threadThorsten Leemhuis (acct. 1/4)Mar 30, 2024

Lasse Collin, original author of #Xz, replied on #LKML: https://lore.kernel.org/lkml/20240330144848.102a1e8c@kaneli/

"'"[…] I'm on a holiday and only happened to look at my emails and it seems to be a major mess.

My proper investigation efforts likely start in the first days of April. That is, I currently know only a few facts which alone are bad enough.

Info will be updated here: https://tukaani.org/xz-backdoor/"'"

#CVE20243094 #Linux #kernel #LinuxKernel #Backdoor

Re: [tech-board] [PATCH 00/11] xz: Updates to license, filters, and compression options - Lasse Collin

RaqbitMar 29, 2024
☃️karolherbst☃️Mar 29, 2024
R.I.P. xz
RaqbitMar 1, 2024
Faith EkstrandFeb 28, 2024

It's been a long time coming (well, not that long, really) but NVK is now ready for prime time:

https://www.collabora.com/news-and-blog/news-and-events/nvk-is-now-ready-for-prime-time.html

You can expect to see NVK show up in your favorite distro some time this year.

NVK is now ready for prime time

As of today, NVK is now a conformant Vulkan 1.3 implementation on Turing (RTX 2000 and GTX 1600 series), Ampere (RTX 3000 series), and Ada (RTX 4000 series) GPUs.

Collabora | Open Source Consulting
RaqbitDec 31, 2023
pancake Dec 31, 2023
RaqbitDec 31, 2023
PoroCYonDec 30, 2023

fyi, the recording of my talk at #37c3 is now available on media.ccc.de:

https://media.ccc.de/v/37c3-11736-nintendo_hacking_2023_2008

Nintendo hacking 2023: 2008

media.ccc.de
RaqbitDec 27, 2023
evacideDec 27, 2023
Security researchers presenting at CCC break down Triangulation, and it’s full of juicy tidbits: https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/
Operation Triangulation: The last (hardware) mystery

Recent iPhone models have additional hardware-based security protection for sensitive regions of the kernel memory. We discovered that to bypass this hardware-based security protection, the attackers used another hardware feature of Apple-designed SoCs.

Kaspersky