pull down to refresh

Unprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation (LPE) vulnerability in the GNU C Library (glibc).
20 sats \ 1 reply \ @harrr 1 Feb
You should always assume that anybody with a shell access or physical access can become root and act accordingly.
reply
Unfortunately, you're right 👍
reply
what are the chances that hackers are using AI to analyze the code to find vulnerabilities ?
reply
100 sats \ 1 reply \ @niftynei 1 Feb
just found a guy on X who’s doing exactly this (except seems white hat??)
reply
0 sats \ 0 replies \ @ek 1 Feb
Some people might have multiple hats on :)
reply
That's already a thing, a friend of mine works at a company which sells a product like this (automated internal pentesting).
They use machine learning to detect common vulnerable code, network configurations etc.
It's similar to what this company does: https://xmcyber.com/platform/
reply
Nowadays, AI will be the primary tool for making hackers' life easier
reply
Conversely, AI will be the primary tool to make networks more resilient. I guess I am drinking from the glass half full.
reply
NixOS developers have patched glibc. The commits are in the "staging-next" branch, so the fix is not widely available, but it's being fast-tracked.
glibc updates cause mass rebuilds (since almost everything depends on glibc), so I bet the Hydra build servers are very busy at the moment.
Notice that the patch was not backported any further than 23.11, which is the latest stable release.
reply
Physical acces is pwnage. LUKS/Bitlocker/FileVault your shit.
reply
yikes
reply