Stefan Gast

PhD Candidate in the CoreSec group at #TUGraz, focusing on side-channel security. Apart from that, I also post #Linux and #privacy related stuff.

Opinions posted here are my own and do not necessarily reflect those of my employer.

Stefan Gast boosted:
Bailiff of Gradecalekov@fosstodon.org
2025-06-10

Today my hometown was shaken to the core by unspeakable horror. A frenzied attacker and former student shot eleven people including himself at a grammar school. My deepest condolences to the bereaved.

orf.at/stories/3396391/ (GER)

#graz #amok #graz1006

Stefan Gast boosted:
Nikolaj Schlej CodeRush
2025-06-10

The embargo is over, so here it is: coderush.me/hydroph0bia-part1/

I can't stress the "NEVER USE NVRAM AS TRUSTED STORAGE" part harder, but now we all have a very nice example of a thing to not ever do, or have your SecureBoot and FW updater signing being vulnerable to all people who can set non-volatile RT variables by calling a dedicated OS API.

Stefan Gast boosted:
2025-06-09

Over 84,000 instances of the Roundcube webmail software are vulnerable to CVE-2025-49113, a critical remote code execution (RCE) vulnerability with a publicly available exploit.

bleepingcomputer.com/news/secu

Stefan Gast boosted:
Zack Whittaker zackwhittaker
2025-06-09

New: A security researcher found a bug that revealed the private recovery phone number of almost any Google account.

TechCrunch verified the bug w/ the researcher, who quickly brute-forced the phone number of a test Google account we had set up.

techcrunch.com/2025/06/09/goog

Stefan Gast boosted:
2025-06-09

DIMVA '25 takes place in Graz this year!
It’s the 22nd Conference on Detection of Intrusions and Malware & Vulnerability Assessment.

Check out the @DIMVAConf program and register now:
dimva.org/dimva2025/

#DIMVA25

Stefan Gast boosted:
Linux Kernel Security linkersec@infosec.exchange
2025-06-09

Bypassing MTE with CVE-2025-0072

Article by Man Yue Mo about exploiting a page use-after-free vulnerability in the ARM's Mali GPU driver in the code that manages userspace-mapped pages.

The author published an exploit for this bug that disables SELinux and gains root privileges on Pixel 8 running from the untrusted_app context. The exploit is not affected by MTE.

Article: github.blog/security/vulnerabi
Exploit: github.com/github/securitylab/

Stefan Gast boosted:
Frederik Braun freddy@security.plumbing
2025-06-09

Great research by folks from IMDEA Networks, Radboud University, Digital Security Group & iHub, and COSIC, KU Leuven on the "localmess" disclosure (localmess.github.io/).

We have always known that native mobile apps will maximize the data collection and use whatever the operating system gives them as long as it doesn't cause a prompt (and often times even if it causes a prompt). 1/3

Stefan Gast boosted:
2025-06-07

I tried to improve on @carrot_c4k3 's work to bypass Windows KASLR with a prefetch side-channel. I summarized my results in a new blog post, spiced up with some geek art:

https://scrapco.de/blog/visualizing-prefetch-infoleaks-to-defeat-kaslr.html
[Image: prefetch instruction timing noise visualized]

2025-06-07

@rw Does not seem to be sandboxed properly, though. 🙂

2025-06-05

@mirren Boosted, of course, and best of luck! 🤞

Stefan Gast boosted:
2025-06-05

This is hard to write: My partner got ✨ eigenbedarf ✨ in his Munich flat. He lived there for over 10 years, always paid his rent on time, and adheres to my rather high cleaning standards. He's also quiet, a German citizen and overall a pleasant person. If you have any pointers on a flat in Munich, please let us know (:
(It's for one person; we don't live together and don't necessarily plan to do so. I visit about once a month, never longer than a few days).

Stefan Gast boosted:
2025-06-05

OMG, GSW is back!

Our annual summer school on cybersecurity will open its doors in September!
You can look forward to five days of interesting talks, practical lab sessions, and a big social event. 😎☀️
📅 September 1st–5th, 2025

📍Aula, TU Graz, Rechbauerstraße 12

Register now!
securityweek.at/

Stefan Gast boosted:
2025-06-04

🚨 #MessengerSurveillance in #Austria

"@rene_mobile of the University of #Linz considered the #surveillance wanted by the government to be possible only if #vulnerabilities were exploited, which would in effect be state-sponsored. This would mean investing in the IT insecurity of all devices instead of continuously improving them."

👉
orf.at/stories/3395791/

Stefan Gast boosted:
2025-06-04

Content-Type: text/shitpost

Stefan Gast boosted:
Vorinstanz Vorinstanz@social.tchncs.de
2025-05-31

#Messenger surveillance in #Austria... Criticism on a broad front #DataProtection

orf.at/stories/3395340/

Stefan Gast boosted:
2025-05-30

Local vulnerabilities in Kea DHCP

lwn.net/Articles/1023093/ #LWN

Stefan Gast boosted:
2025-05-30

"[Qualys] discovered a vulnerability in apport [...], and a similar vulnerability in systemd-coredump [...]: a race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump"

https://www.openwall.com/lists/oss-security/2025/05/29/3

CVE-2025-5054 CVE-2025-4598

Stefan Gast boosted:
Jan Wildeboer 😷 jwildeboer@social.wildeboer.net
2025-05-29

Introducing #Unfixium. A material mix of plastic, glue, electronics that poses a riddle when trying to open it for repair. Unfixium often comes in the form of power bricks, rechargeable devices, routers and more. It does not forgive mistakes and immediately shatters into pieces that will never return to its original form, leaving you with the ruins of modern technology that can not even be recycled.

Stefan Gast boosted:
Thorsten Leemhuis (acct. 1/4) kernellogger@hachyderm.io
2025-05-26

#Linux 6.15 is out:

lore.kernel.org/lkml/CAHk-=wiL

For a list of new features see a short news story from LWN.net (lwn.net/Articles/1022457 ) or their two in-depth articles (lwn.net/Articles/1015414/ & lwn.net/Articles/1016119/) as well as the kernelnewbies page on 6.15 that is still WIP (kernelnewbies.org/Linux_6.15 ).

Quote from the announcement:

'"So this was delayed by a couple of hours because of a last-minute bug report resulting in one new feature being disabled at the eleventh hour[1], but 6.15 is out there now.

Apart from that final scramble, things looked pretty normal last week. […]

And this obviously means that the merge window opens tomorrow as
usual […]

Anyway, please keep testing,

Linus"'

[1] Disable FOP_DONTCACHE for now due to bugs – git.kernel.org/torvalds/c/478a

Stefan Gast boosted:
2025-05-26

Bosch deals the death blow to spexor devices

Bosch is shutting down the "mobile security assistant" spexor. Deactivating the cloud servers renders the expensive devices unusable.

heise.de/news/Bosch-versetzt-s

#CloudServices #InternetOfThings #IT #Mobile #SmartHome #news
