226 Followers
238 Following
643 Posts

I liked ranting so much, I made it my job.
Pentester. I mostly break Web stuff but sometimes hardware too. OSINT from time to time.

Terrible music connoisseur.

@faker_ on Twitter.
#infosec #pentester #OSINT

Blog: https://infosec.rm-it.de/
Location: Munich, Germany
Say what you will about Java, this is actually pretty cool.

What has #DNSSEC ever done for us?

It was not part of my threat model when I moved my email address to my own domain that the entire .de TLD could fail.
DAEMON Tools was hit in a sophisticated supply chain attack, with backdoored software delivered via the official website https://securelist.com/tr/daemon-tools-backdoor/119654
Popular DAEMON Tools software compromised

Targeted by threat actors: individuals and organizations across 100+ countries and territories, with the majority of victims located in Russia, Brazil, Turkey, Spain, Germany, France, Italy, and China.

Securelist

The CopyFail announcement and handling is one of the least defender-supporting I think I've ever seen.

Mitigations were extremely thin at launch, and haven't improved much, and are even brittle and misleading:

https://infosec.exchange/@tychotithonus/116490466168316767

They've also largely neglected most of the value of the feedback they're getting from defenders clamoring for useful intel. The GitHub repo is full of feedback about which distros are affected or unaffected ... and a day later, none of it has been used to update the list of affected versions in the main README (except for the RHEL made-up version fix)

And this exchange is painful:

https://github.com/theori-io/copy-fail-CVE-2026-31431/issues/12

"None of us are RH people so it wasn't caught" 😐 You had weeks to do basic vetting, or to find someone who would help you.

Theori seems to have intended this to be a showcase for their product. Instead, it has convinced me that I will never buy anything from them.

Edit: Will Dorman goes into more detail here, 100% agreed:
https://infosec.exchange/@wdormann/116493725294723695

#CopyFail #cve_2026_31431

Royce Williams (@[email protected])

The CopyFail folks shouldn't have routed stderr to /dev/null in their workaround guidance. For some platforms, where it's not a module ... that mitigation is a no-op:

```
$ rmmod algif_aead
rmmod: ERROR: Module algif_aead is builtin.
```

So if there's no kernel patch available yet, you can't use that workaround. Instead, use AppArmor / seccomp / SELinux to block unprivileged AF_ALG socket creation if you can (but don't just turn these hardening layers up if they're not already in place - they can be tricky)

#CopyFail #CVE_2026_31431

Infosec Exchange
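As an added example (not code from the original post, from the CopyFail repository, or from Theori), here is a small POSIX shell check that makes the failure mode described above explicit instead of hiding it behind `2>/dev/null`: it reads `modules.builtin` and `/proc/modules` to tell whether `algif_aead` is built in (rmmod can never remove it), loaded as a module (rmmod can be tried), or not loaded at all. The function and file-path arguments are my own choices so the logic can be run against constructed files; nothing here reproduces the vulnerability itself.

```shell
#!/bin/sh
# Added example, not from the original post or the CopyFail repo.
# Before relying on "rmmod algif_aead" as a workaround, find out whether
# algif_aead is even removable on this kernel. On kernels where it is
# built in, rmmod only prints an error, and "2>/dev/null" hides it.
#
# algif_status BUILTIN_LIST PROC_MODULES [MODULE]
#   BUILTIN_LIST   normally /lib/modules/$(uname -r)/modules.builtin
#   PROC_MODULES   normally /proc/modules
#   MODULE         defaults to algif_aead
# Prints exactly one word:
#   builtin    compiled into the kernel; rmmod cannot remove it
#   loaded     loadable module, currently loaded; rmmod can be tried
#   notloaded  neither built in nor loaded (already gone, or never present)
algif_status() {
    builtin_list=$1
    proc_modules=$2
    mod=${3:-algif_aead}

    # modules.builtin lists paths like kernel/crypto/algif_aead.ko
    if grep -q -- "/${mod}\.ko\$" "$builtin_list" 2>/dev/null; then
        echo builtin
        return 0
    fi
    # /proc/modules lines start with "<name> <size> <refcount> ..."
    if grep -q -- "^${mod} " "$proc_modules" 2>/dev/null; then
        echo loaded
        return 0
    fi
    echo notloaded
}

# Maps the status to the next action, so the check never silently
# "succeeds" on a builtin module the way the 2>/dev/null guidance did.
algif_advice() {
    case $1 in
        builtin)
            echo "rmmod is a no-op: patch the kernel, or restrict unprivileged AF_ALG socket creation (seccomp/AppArmor/SELinux)" ;;
        loaded)
            echo "try: rmmod ${2:-algif_aead} (and check it cannot simply be loaded again afterwards)" ;;
        notloaded)
            echo "nothing to unload; still confirm the module cannot be loaded on demand" ;;
        *)
            echo "unknown status: $1"
            return 1 ;;
    esac
}

# Live check against the running kernel (harmless when the files are absent).
status=$(algif_status "/lib/modules/$(uname -r)/modules.builtin" /proc/modules)
echo "algif_aead: $status"
algif_advice "$status"
```

Run it as root or not; it only reads files. The point is the explicit three-way outcome: a workaround script that exits 0 after swallowing "Module algif_aead is builtin" gives defenders a false sense of having mitigated anything.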

Every now and then I try to avoid Amazon.

This time I pre-ordered a book, it said "delivers in 1-2 weeks". OK, cool, it's not out yet, that's fine.
It came out and the site still said "in 1-2 weeks". OK I guess they meant *after* it releases, that's fine.
2 weeks after it releases: "delivers in 1-2 weeks"
Cancelled, ordered at Amazon, went into shipping the same day, arrived today.
On the other site it still says "in 1-2 weeks".
Yeah, I wonder why people keep using Amazon. If they had just written - at some point - "we deliver it on 25 April" or whatever, I wouldn't even have cared. But no update like this? Come on.

My Gmail address is getting a ton of kleinanzeigen.de (comparable to craigslist) scam messages, interestingly all also from seemingly valid Gmail addresses.
The scammers look at postings on the site, and just take the first and last name of the profile who posted it and send direct mails to [email protected].
I don't post anything there, but I have a common name and got that fancy Gmail address.

Why does Google not catch this faster?
Most get marked as Spam by Gmail but not all.
Which is also weird, so Gmail detects it as Spam, but Gmail still allows the accounts to be active?

The binaries of HWMonitor and CPU-Z delivered from CPUID's website appeared to include malware, at least for some time yesterday.
It looks like the download URLs on their website were changed to point to malicious versions.

https://www.reddit.com/r/pcmasterrace/comments/1sh4e5l/warning_hwmonitor_163_download_on_the_official/

Is #MoneyMoney (the macOS App) still alive?
No update for 4 months and 2 of my accounts already fail to import because of that :/