Jan 24, 2023

People have been asking me about Bitwarden ever since LastPass has been breached. While I never took an in-depth look, I now at least evaluated the claims regarding their encryption:

https://palant.info/2023/01/23/bitwarden-design-flaw-server-side-iterations/

While the password manager being completely open-source with the option to self-host is great, otherwise I’m not too impressed.

Activation Context Cache Poisoning: ZDI Sr Vuln Research Simon Zuckerbraun details this new class of privilege escalation vulnerabilities that has already been used in the wild. He also looks at the code changes #Microsoft has introduced in response. https://www.zerodayinitiative.com/blog/2023/1/23/activation-context-cache-poisoning-exploiting-csrss-for-privilege-escalation

@[email protected] @[email protected] though I'd argue it wasn't entirely new in 2022 ;-)

https://bugs.chromium.org/p/project-zero/issues/detail?id=1749

Some security thoughts on a super strange topic: how rationalists and nihilists have it wrong, and why the infosec community is ahead of the curve.

This is going to be a weird thread tying together an epic James Mickens USENIX Security keynote, Ken Thompson's classic Turing Award speech, Chapman's insights on the failure of modernity and rationalism and postmodernity, and more. So, let's begin.

did you know you can infer what version of Windows an executable was built on (or at least what version of the Windows SDK was targeted) by how many fields its load configuration directory has?

the structure remained unchanged from WinXP, until Win8.1 Update 3 when they added new fields for Control Flow Guard support. the same fields were used in the initial Win10 release (version 1507)

the structure was iteratively expanded in versions 1511, 1607, 1703, 1709, 1803, 1809, 21H1, 21H2, and 22H2.