Comments by "WloCkuz" (@wlockuz4467) on "Low Level" channel.
attacker can't overflow the stack if it's already overflown
647
Thanks
229
To put it in comparison, it's the same score as the xz backdoor that was recently uncovered. It's so ridiculous. Jia Tan probably died inside when he saw the severity score.
196
Have you tried iterating over the generated code with ChatGPT? Prompt it to find the vulnerabilities in the code it wrote and then the corresponding fixes. Would be an interesting video.
44
This is the first time I fully understood a CVE from start to finish.
41
If everyone has ring 0 access, no one has ring 0 access.
41
Shh that's the backdoor once the use-after-free is fixed
34
@iwolfman37 What is 2b2t? I only know the oldest anarchy server in Minecraft
23
Plot twist: It was actually a complimentary feature to Recall to make it easier to steal user data. They wanted it to be a walk in the park, hence the low attack complexity.
12
People often roll their eyes at style guides, or having their PRs blocked because it doesn't follow a certain style rule. They don't understand how easy it makes for third parties looking at your code.
8
Calling this a critical Linux exploit is a bit ridiculous.
8
@unperrier I hope you're being sarcastic. xz was an elaborate supply chain attack, or at the least it was supposed to be. While this vulnerability, which is hardly a Rust vulnerability and more of a Windows vulnerability, is the classic case of unsanitized input creating problems. The most important thing to differentiate here is that the Rust bug only happens when accepting user input in very specific conditions, so the attack surface is already tiny. A backdoor in comparison is way more serious because just by using a backdoored version of a lib your software immediately becomes vulnerable, so this is a huge attack surface. Worst part is you wouldn't even realise this because the backdoor is in one of the dependencies and not in your own code.
6
Can someone explain how does this happen? How does someone commit a backdoor into proprietary code?
4
@LowLevelTV So the backdoor is planted using some existing vulnerable code on the device, which is why shutting down the device requires reinitialization of backdoor, that makes more sense, thanks!
3
It doesn't affect my Lamborghini, won't fix.
3
This is an amazing video that showcases actual work involved in finding CVEs
2
There must be something wrong with the timeline, because this feature was proposed, reviewed, planned and implemented by hundreds of people and no one stopped to think how horrible this feature would be from a user perspective.
1
Damn 2024 is not off to a good start with the CVEs.
1
I don't care about tabs or spaces, but man indentation of 4 characters has always looked nicer.
1
The only VPN I've ever trusted is ProtonVPN. It's from the same guys that made Protonmail so I would say they know what they're doing when it comes to privacy. And best of all, they also use OpenVPN so their service layer is open source.
1
These rules are extreme, especially the functions with 60 LOC, but then again they do operate in the most extreme there is.
1
Who is Ed, I only know the Low Level Learning guy.
1
Few days later the channel name will be just
1
We sure live in crazy times man. Remember when games just used to be CDs and nothing more.
1
This is why I always use Netscape Navigator.
1
This also makes me wonder, if the Chinese are willing to disclose this, what other knowledge do they have that they would prefer to keep it to themselves.
1
It's hilarious that a cybersec company did more damage to the world than the hacks/hackers it tries to protect against.
1
Imagine writing an exploit so elaborate that it makes any security researcher drop their jaws, only for it to be discovered by someone benchmarking postgres and noticing their SSH logins using an abnormal amount of CPU. The attacker must feel like the smartest and the unluckiest person alive right now. Andres Freund is the name of the researcher who found this backdoor.
1
@b4ux1t3-tech I am not speaking from a whether it can do your job perspective, just whether or not it's actually able to spot the vulnerability and provide the fix. I have never seen it as a replacement for devs. Always seen it as a productivity tool, especially when using some new tech, for example a language or library.
1
@b4ux1t3-tech But the back and forth brainstorming with ChatGPT just feels so human it's unbeatable for me. I know half the time it's not accurate and will just make up things but it's still an impressive technology.
1
I think I understood a few words.
1
Did I just witness division by multiplication? My whole life has been a lie.
1
Thanks LLL! Would love more cyber sec content!
1
Microsoft: We put 10b in OpenAI and we are gonna use every last cent
1
PR Changeset "abcd" -> "abcde" Increased password entropy for encrypting the private key
1