al 

June 23, 2019 03:04PM
V8 Chrome

Exodus Intelligence, , Chrome, . , JavaScript- V8 .

Chrome , . , V8, V8, Chrome. , Chrome, , - V8 Chrome.

, , Chrome. , "--no-sandbox" sandbox-. ( sandbox).
Chrome . , Chromium, Chrome
Canary Beta . , ( , sandbox, , ).

Array.prototype.map JIT- TurboFan, V8 18 git, Chrome. , . , , sandbox, Chrome.
Re:
June 23, 2019 03:19PM
SMT/Hyper-Threading,



() () (CVE-2018-5407) (SMT Hyper-Threading) Intel. PortSmash , , , , .

(zip)
P-384 TLS-, OpenSSL. CPU, . Intel Skylake Kaby Lake Ubuntu 18.04.

OpenSSL 1.1.0i 1.1.1. , , , .

- (Execution Engine) Hyper-Threading. 13 CVE-2005-0109, .
Re:
June 23, 2019 03:44PM
Pwn2Own 2019 Firefox, Edge, Safari, VMware VirtualBox



Pwn2Own 2019, CanSecWest . Firefox, Edge, Safari, VMware Workstation VirtualBox. 510 ( 2 ).

:

$35 - VirtualBox: + race condition, -;
$35 - VirtualBox: , ;
$40 - Firefox: JIT + sandbox-;
$50 - Firefox: JIT + Windows ;
$45 - Safari, JIT + root .
$50 - Microsoft Edge: + sandbox;
$55 - Safari sandbox-;
$70 - VMware Workstation: race condition + VMware client, -;
$130 - Microsoft Edge VMware -.

Linux (nginx, OpenSSL, Apache httpd) , Ubuntu ( 2017 0-day Linux).

Tesla Model 3 ( VCSEC Chromium). Tesla 900 .

: - Tesla Model 3 JIT- , Chromium. $35000. VCSEC Tesla Model 3 .
Re:
June 23, 2019 03:55PM
WPA3 EAP-pwd



(Mathy Vanhoef), KRACK WPA2, (Eyal Ronen), TLS, (CVE-2019-9494 - CVE-2019-9499) WPA3, . Dragonblood Dragonfly, offline-. WPA3 Dragonfly EAP-pwd, Android, RADIUS- hostapd/wpa_supplicant.

WPA3. , , . (downgrade attack): WPA2 ( , WPA2 WPA3) WPA2 , , WPA2. , downgrade- Dragonfly, .

Dragonfly, , , . Dragonfly (hash-to-curve) (cache attack), (hash-to-group) (timing attack).

, . , . 8- , , 40 (handshake) , Amazon EC2 125 .

:

WPA2 . WPA3, WPA2, , WPA2. WPA2 , , , . SAE.

, , iwd, Intel wpa_supplicant, Samsung Galaxy S10 downgrade- , WPA3 - WPA3-, WPA2 .
. Dragonfly , , if-then-else. , , offline- WPA2. , ;
. Dragonfly (MODP) , MAC- . .
. - . WPA3 MAC-.
, WPA3. , P-521 P-256, P-521 , ,
P-521 , P-256. .

:

Dragonslayer - EAP-pwd;
Dragondrain - SAE (Simultaneous Authentication of Equals), ;
Dragontime - SAE, MODP 22, 23 24;
Dragonforce - ( ) .

Wi-Fi Alliance, , , WPA3-Personal . . Wi-Fi Alliance , . hostap/wpa_supplicant. Ubuntu. Debian, RHEL, SUSE/openSUSE, Arch, Fedora FreeBSD .
Re:
June 23, 2019 04:17PM
WhatsApp,



(CVE-2019-3568) WhatsApp, . , . .

Signal, WhatsApp VoIP-. SRTCP (Secure Real-time Control Protocol). WhatsApp Android ( 2.19.134), WhatsApp Business Android ( 2.19.44), WhatsApp iOS (2.19.51), WhatsApp Business iOS (2.19.51), WhatsApp Windows Phone (2.18.348) WhatsApp Tizen (2.18.15).

WhatsApp , SMS, , , , . WhatsApp .

, WhatsApp Facetime Zero , . WhatsApp , fuzzing- , .. , .

Facebook . . , NSO Group, Amnesty International.

NSO Group ( ), . NSO , ( ) . , WhatsApp- .

NSO , , c , , , .

Facebook , ( 1.5 WhatsApp).
Re:
August 31, 2019 10:31AM
Android- CamScanner, 100 .


CamScanner, Android- . Google Play 100 . Trojan-Dropper.AndroidOS.Necro.n, .

CamScanner . , , . , ( ), , , (SIM-) .

Google CamScanner Google Play, ,

, Google Play 34 , -. 100 . McAfee Google Play -, ; .
, .