HomeSearchPrevious dayNext day

00:02:42andrewnyr quits [Quit: The Lounge - https://thelounge.chat]
00:03:37Webuser127348 joins
00:05:23andrewnyr joins
00:06:12<Webuser127348>Did you make copies of all of your VHS tapes?
00:27:54<Webuser127348>What are you working on? I'm downloading "Romset of all original Xbox games: closes on 2026-05-01" https://mega.nz/folder/uz410RTR#a7AIQml9TZdUzuxL2l5_fQ
00:28:30<Webuser127348>It was brought up by this guy: https://boards.4chan.org/t/thread/1307654#p1397400 - but where the hell did he get that mega.nz link?
00:38:55Webuser127348 quits [Client Quit]
01:45:27<nicolas17>copy.fail disclosure wasn't responsible/coordinated enough imo
01:46:13<nicolas17>ready-to-use exploit in the official blog post came out hours ago and many distros still don't have updates
02:01:21SootBect1 quits [Remote host closed the connection]
02:02:32SootBector (SootBector) joins
02:14:22etnguyen03 (etnguyen03) joins
02:18:51<@JAA>Yeah, something went wrong with getting the fix backported to older kernels, which is what most distros ship.
02:18:52<TheTechRobo>algif_aead doesn't seem loaded on any Linux system I've checked?
02:19:22<nicolas17>almalinux still doesn't have update available, so I tried removing the module
02:19:24<nicolas17>"rmmod: ERROR: Module algif_aead is builtin."
02:19:40<TheTechRobo>Debian trixie on my laptop, bookworm on some servers I manage, ubuntu 22.04 on some others
02:19:50<TheTechRobo>"rmmod: ERROR: Module algif_aead is not currently loaded"
02:19:52<@JAA>Yes, RHEL and its derivatives don't currently have a workaround as I understand it.
02:19:53<nicolas17>TheTechRobo: it might be loaded on demand when you try using it, so you have to not only rmmod but also blacklist it
02:19:58<nicolas17>try running the exploit
02:20:02<TheTechRobo>ooh, I see
02:20:43<@JAA>Not just blacklist, disable, although blacklisting might be sufficient as long as you trust yourself to not load it manually.
02:21:26<nicolas17>JAA: at least this isn't anything important, just uhhh KDE's CI runners :|
02:21:39<@JAA><this-is-fine.png>
02:24:32Czechball quits [Quit: Ping timeout (120 seconds)]
02:27:49Czechball joins
02:50:25unknownsrc quits [Ping timeout: 268 seconds]
02:54:52unknownsrc (unknownsrc) joins
02:57:30goecho quits [Read error: Connection reset by peer]
02:57:37goecho (goecho) joins
03:29:44<@JAA>One-liner to test whether the module is getting autoloaded: `python3 -c 'import socket; s = socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET); s.bind(("aead","authencesn(hmac(sha256),cbc(aes))"))'; lsmod | grep algif`
03:30:51<nicolas17>JAA++
03:30:52<eggdrop>[karma] 'JAA' now has 368 karma!
03:32:54etnguyen03 quits [Client Quit]
03:39:11etnguyen03 (etnguyen03) joins
03:41:17PredatorIWD46 joins
03:43:27PredatorIWD4 quits [Ping timeout: 268 seconds]
03:43:27PredatorIWD46 is now known as PredatorIWD4
03:46:11etnguyen03 quits [Remote host closed the connection]
03:50:59<cruller>https://shivankaul.com/blog/firefox-bundles-adblock-rust
03:52:10nine quits [Quit: See ya!]
03:52:23nine joins
03:55:44<@hook54321>great stuff, reduces the number of extensions most people need
04:03:04Ryz quits [Quit: Ping timeout (120 seconds)]
04:03:35dxrt quits [Quit: ZNC - http://znc.sourceforge.net]
04:03:50Ryz (Ryz) joins
04:03:59dxrt joins
04:25:23Czechball quits [Ping timeout: 268 seconds]
04:54:23Czechball joins
05:48:51<klea>Oh yeah, their PoC is also kind of sketchy lol, why obfuscate via zlib compression the payload.
06:28:43michaelblob7641 quits [Quit: yoop]
06:31:45michaelblob7641 joins
06:40:02<nicolas17>klea: because they want the clickbait of saying how many bytes the exploit is
07:01:29anarcat quits [Ping timeout: 268 seconds]
07:22:46anarcat (anarcat) joins
07:36:52arch quits [Remote host closed the connection]
07:37:04arch (arch) joins
08:03:43cm quits [Ping timeout: 268 seconds]
08:03:49cm joins
08:54:54BornOn420 quits [Ping timeout: 268 seconds]
09:46:07simon816 quits [Remote host closed the connection]
09:50:42simon816 (simon816) joins
10:07:29SootBector quits [Remote host closed the connection]
10:08:50SootBector (SootBector) joins
10:09:38Matthww quits [Quit: The Lounge - https://thelounge.chat]
10:19:34Matthww joins
10:24:32grill_ (grill) joins
10:28:04grill quits [Ping timeout: 268 seconds]
10:46:59<steering>I would love it if someone could explain exactly how the payload works xP
10:47:40<steering>I was expecting it to just be a sequence of amd64 instructions that it patches into place but it appears to actually be an ELF of some sort
11:00:06Bleo1826007227196234552220110 quits [Quit: The Lounge - https://thelounge.chat]
11:01:21<that_lurker>https://copy.fail/ mitigate or patch your linux servers. The assho... security researcher relased POC immediately
11:02:50Bleo1826007227196234552220110 joins
11:04:10<BlankEclair>glad that the exploit didn't work on my server lol
11:07:01<steering>BlankEclair: err.. in what way? xP
11:07:10<BlankEclair>socket creation fails :p
11:07:16<steering>ah ok
11:07:38<BlankEclair>this means that i do not have to lose me ~110d uptime
11:08:48<steering>i'm not immediately worried about an LPE anyway.
11:09:46<steering>i did go ahead and block the module on the couple of systems i haven't rebooted yet though
11:15:44<multisn8>that_lurker: fyi the patch has been in-kernel since beginning of April -- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8 (from https://nvd.nist.gov/vuln/detail/CVE-2026-31431)
11:16:38<that_lurker|m>Who uses the latest kernel :-P
11:18:11<that_lurker|m>Hopefully ubuntu backports the patch so you wont need to use kernel 7.0
11:37:31<steering>if its compiled in you can apparently add initcall_blacklist=algif_aead_init to your kernel cmdline and reboot
11:38:14<steering>also https://www.openwall.com/lists/oss-security/2026/04/30/6 figured out what the payload does
13:16:45multisn8 quits [Quit: WeeChat 4.9.0]
13:43:44Lord_Nightmare quits [Quit: ZNC - http://znc.in]
13:47:04Lord_Nightmare (Lord_Nightmare) joins
14:15:10Czechball quits [Quit: Ping timeout (120 seconds)]
14:22:06multisn8 (multisn8) joins
14:27:25<klea>https://qntm.org/chatscp
15:06:48rohvani quits [Ping timeout: 268 seconds]
15:25:51<klea>Lovely :( https://lists.zx2c4.com/pipermail/cgit/2016-December/003445.html
15:26:07<klea>Still seems to be the case as of cgit 1.3-korg https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=b3bee1e7c3f2b1b77182302c7b2131c804175870
15:30:26HackMii quits [Remote host closed the connection]
15:30:51HackMii (hacktheplanet) joins
15:41:06<steering>ima yoink https://lists.zx2c4.com/pipermail/cgit/2017-March/003523.html though
15:52:25klea wonders if steering is going to yoink https://causal.agency/list/thread/20250919203857.3489887-1-6f6ce944663ab5-lists%40iwnp.org.html
15:54:06f_ quits [Remote host closed the connection]
15:54:51f_ (funderscore) joins
15:55:33<steering>sure
15:55:57<klea>Yay!
15:56:23steering builds cgit again again
15:57:11<steering>i should probably feed this vm more cores xP
16:12:20<klea>cruller: What's the benefit of AWS Snowball over say moving hard drives directly?
16:23:36<@JAA>Cooler name.
16:25:06<that_lurker>with AWS Snowball you can store your data in the cheap AWS glacier and then hope that the time you need to restore the data it was ransomwared as it's cheaper to pay them instead of AWS
16:26:41<klea>So hope that I didn't dd if=/dev/urandom of=/dev/disks* and it was some ransomware to pay the ransomware people instead of AWS?
16:29:20<@JAA>I think cruller just means sneakernetting data into an archival service so you don't have to go through the internet if you have low bandwidth or lots of data.
16:29:54<@JAA>AWS Snowball is just moving HDDs after all (in a proprietary box).
16:30:53<klea>Ah, yeah that'd be neat probably.
16:31:17<klea>Maybe your disks will have to wait for a while for the data to be ingested from them into the service, and then you wait until they send it back.
16:31:50<that_lurker>Sad that they killed the Snowmobile. That was cool. A truck that would hold 100 petabytes
16:34:59pabs quits [Quit: Don't rest until all the world is paved in moss and greenery.]
16:35:24pabs (pabs) joins
16:58:58grill_ is now known as grill
17:06:02<steering>lmao >and then hope that the time you need to restore the data it was ransomwared as it's cheaper to pay them instead of AWS
17:06:05<steering>that_lurker++
17:06:05<eggdrop>[karma] 'that_lurker' now has 73 karma!
17:14:27Matthww quits [Ping timeout: 268 seconds]
17:19:01<cruller>JAA: Yeah, I mentioned AWS Snowball simply because it’s the most famous sneakernetting service; I didn’t put much thought into it.
17:25:30nyakase5 quits [Quit: @ERROR: max connections (-1) reached -- try again later]
17:31:15<cruller>If humans were to send countless pieces of data into space, would some aliens archive them?
17:32:24nyakase5 (nyakase) joins
17:34:25<@JAA>Hmm... pingfs with Voyager 2?
17:36:48<that_lurker>during the time the data is in transtit at space maybe
17:40:27<that_lurker>if we are not currently seeing life beyond earth then during the 80 to 90 thousand years it would take for example voyager 1 to reach the nearest star (not our sun :-)) life on some planets could be at space transit level of society
17:41:11<that_lurker>unless we really where the first to get life then it could still take millions of year for life to mature in other planets
17:42:54<nicolas17>steering: the payload is quite straightforward
17:43:22<nicolas17>I don't know how the ELF header works, there seems to be no sections or segments
17:43:25<nicolas17>but the code is https://paste.debian.net/hidden/ba915939
17:43:44<steering>nicolas17: yeah, klea found another version of it where the payload is in straight C
17:44:31<steering>and I had already found that much of it (see my line containing https://www.openwall.com/lists/oss-security/2026/04/30/6)
18:02:55Webuser977221 joins
18:42:43HP_Archivist quits [Quit: Leaving]
18:48:47<klea>https://www.tumblr.com/teaboot/768886887096172544/me-yes-sir-i-understand-that-the-office-door
18:50:06midou quits [Remote host closed the connection]
18:50:08midou joins
19:31:05Matthww joins
20:08:31ArchivalEfforts quits [Quit: No Ping reply in 180 seconds.]
20:09:51ArchivalEfforts joins
20:11:23iseaup quits [Ping timeout: 268 seconds]
20:26:58<nicolas17>https://bsky.app/profile/retr0.id/post/3mkqgcbkkuc2n "if you find a cool security bug I bet you could make the most money from it by selling it to an AI startup so they can pretend their tooling found it"
20:28:54<@JAA>lol
20:30:09<klea>Oh, fun, more people coming from the same IP but instead of to hackint, to another IRC network.
20:35:34iseaup (iseaup) joins
20:36:22steering wonders what IP is that
20:43:44<klea>Apparently a "crosby school district in texas" IP, 74.124.44.78.
20:45:54<steering>what about it...? i dont see it anywhere in my logs
20:47:04<steering>very out of the blue here :P
20:52:45<klea>On another network
20:54:36<steering>anyway if theyre causing trouble start emailing people ;) https://www.crosbyisd.org/departments/technology-services/staff-directory
20:55:36<steering>"but instead of to hackint" seems to imply something similar was happening here :P
20:59:32<klea>Some people connected here and acted as they were different, not sure if that was the case, nor care to look it up on logs.
21:01:31rohvani joins
21:02:15<steering>ah
21:07:50<klea>I think to #archivebot if you want to check in your personal logs.
21:23:22yano quits [Quit: WeeChat, https://weechat.org/]
21:24:49didyousayboop quits [Quit: did you say boop?]
21:28:22yano (yano) joins
21:29:50didyousayboop joins
21:34:44etnguyen03 (etnguyen03) joins
21:46:37<steering>https://www.azlyrics.com/ is there anything better than a design that hasn't been updated in 20 years?
21:46:41<steering>(ok, yes, there, is, but still.)
21:54:54<@JAA>A design that hasn't been updated in 30 years?
22:01:37etnguyen03 quits [Client Quit]
22:03:49ATinySpaceMarine quits [Quit: https://quassel-irc.org - Chat comfortably. Anywhere.]
22:07:01ATinySpaceMarine joins
22:08:16<steering>I was thinking of a design that's completely modern html but looks like it hasn't been updated in 20 years, but yeah, that too
22:08:59<steering>this is very much from the era of "everything is either a div or a span"
22:11:44<steering>JAA: trixie-security fixed
22:12:47<@JAA>Yeah, two hours ago or so.
22:23:22systwi_ quits [Quit: systwi_]
22:23:58fionera quits [Ping timeout: 268 seconds]
22:28:17ivan quits [Ping timeout: 268 seconds]
22:28:17nothere quits [Ping timeout: 268 seconds]
22:28:37ivan joins
22:33:11fionera joins
22:33:21fionera is now known as RJHacker85724
23:25:28etnguyen03 (etnguyen03) joins
23:37:04nothere joins
23:42:28etnguyen03 quits [Client Quit]
23:42:56DogsRNice joins

HomeSearchPrevious dayNext day