ISC StormCast for Wednesday, May 29th, 2024

Released Wednesday, 29th May 2024


Episode Transcript

0:00

Hello and welcome to the Wednesday, May 29th, 2024 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich and I'm recording from Jacksonville, Florida.

0:14

Something a little bit different today. No diary, but instead a little video talking about SQL injection and how to prevent it in Python. SQL injection is not a new topic at all. Actually, I had a diary a couple of years ago, I think, about this particular Python issue. But I thought, given all the SQL injection vulnerabilities we had recently and CISA's announcement about getting rid of SQL injection, it may be good to revisit some of these issues. And maybe I'm getting into the mode of doing a couple more videos in the next couple of weeks, so let me know if there is a particular topic that you're interested in.

0:54

Over to a vulnerability that is not a SQL injection vulnerability but an OS command injection vulnerability, and this is one that I already mentioned: Fortinet's FortiSIEM. There is now a proof of concept and additional details from Horizon3. The quick summary here is that it's trivial to exploit, and the vulnerability actually is extremely similar to a vulnerability they patched last year, down to the point where it's in the same API call and it's basically just the next parameter. There's a server IP address that was the parameter that was vulnerable last year, while this time it was the mount point, which is the second parameter to this particular API call. So it's pretty much just a case of missing input validation. But actually, that may make a good video for later, to talk about OS command injection and how to prevent some of these vulnerabilities, because they are very common in these kinds of appliances.

2:04

And Kaspersky came across some ransomware that actually takes advantage of BitLocker. We've seen this a couple of times in the past, but I'm surprised we don't see it more often. Given that BitLocker is a common component and is considered benign, it's excluded from any kind of antimalware, and then all of a sudden it goes out and starts encrypting your files. Specifically, it does create a random passphrase, uses it to encrypt the system, then deletes it and forces a reboot. Probably the biggest advantage here to the attacker is that there is no great way to display a ransom message to the user. Instead, the volume label of the drives is just changed to the attacker's email address, so the victim would first have to discover this, which of course, particularly when you're talking about less sophisticated victims, may actually be missed.

3:05

And then we got a couple more proof of concept vulnerabilities of note. One is for a vulnerability in the glibc function iconv. iconv is used to convert international characters; international character set conversion is kind of what it's there for. And the vulnerability is in particular exploitable via PHP, but your best option is just to update glibc. The updates have been out for a while now.

3:39

And if you need more motivation to apply the latest Apple updates, there is a proof of concept exploit for a vulnerability that Apple patched on May 13th with macOS Sonoma 14.5. This is a privilege escalation vulnerability in the UDF, the Universal Disk Format, driver, and a proof of concept for it is out. The researcher who published this particular exploit also published a number of other vulnerabilities. I am just going to also add a link to this researcher's X profile so you see some of the other proof of concept exploits that were recently published by them.

4:29

Well, that's it for today. So thanks for listening, thanks for subscribing, and thanks for letting all your friends and enemies know about this podcast. Talk to you again tomorrow. Bye.
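The episode's main topic is SQL injection in Python. The following is an added example, not code from the ISC StormCast episode or its diary: it puts the vulnerable string-formatted query next to the parameterized fix, using only the standard library (sqlite3 with an in-memory database) so it runs offline. The users table, its rows and the tautology payload are constructed sample data; the allowlist helper for a variable column name is an assumption about how such a query would be written, since placeholders cannot bind identifiers.

```python
"""SQL injection in Python: a vulnerable query next to the parameterized fix.

Added example (not from the episode). Uses sqlite3 in memory; all data is
constructed for the demo.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create an in-memory database with a few constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (name, password_hash) VALUES (?, ?)",
        [("alice", "h1"), ("bob", "h2"), ("carol", "h3")],
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Deliberately vulnerable: the f-string splices attacker-controlled text
    straight into the SQL grammar, so quotes and OR clauses in `name` are parsed
    as SQL rather than treated as data."""
    query = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(query)]


def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    """Parameterized query: the driver binds `name` as a value; it is never
    parsed as SQL, so a payload simply fails to match any row."""
    return [
        row[0]
        for row in conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    ]


# Column names cannot be bound with '?'. If the column must vary at runtime,
# vet it against a fixed allowlist and only then interpolate the vetted name;
# the value still goes through a placeholder. (Hypothetical helper.)
ALLOWED_COLUMNS = frozenset({"name", "id"})


def find_users_by_column_safe(conn: sqlite3.Connection, column: str, value) -> list:
    if column not in ALLOWED_COLUMNS:
        raise ValueError(f"column not allowed: {column!r}")
    query = f"SELECT name FROM users WHERE {column} = ?"
    return [row[0] for row in conn.execute(query, (value,))]


# Classic tautology payload, constructed for the demo.
PAYLOAD = "' OR '1'='1"


def demo() -> dict:
    """Run the same payload through both query styles."""
    conn = make_db()
    return {
        "vulnerable": find_user_vulnerable(conn, PAYLOAD),  # every user leaks
        "safe": find_user_safe(conn, PAYLOAD),              # no such literal name
        "legit": find_user_safe(conn, "alice"),             # normal lookup still works
    }


if __name__ == "__main__":
    print(demo())
```

The vulnerable function returns all three users for the payload because the resulting statement is `WHERE name = '' OR '1'='1'`; the parameterized version returns nothing, since the driver compares the column against the literal string. Note that sqlite3's `execute()` refuses stacked statements (`'; DROP TABLE users; --`) outright, but other drivers do not, so the placeholder, not that quirk, is the defence.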

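The FortiSIEM segment describes an OS command injection where a server IP address and then a mount point were passed to a command without input validation. The following is an added example, not code from the episode or from Fortinet: a hypothetical `mount` handler written the vulnerable way (a shell string) next to the fixed way (an argument list plus input validation). So that it runs offline on any platform, the command executed is the Python interpreter printing its arguments, standing in for the real mount tool; with `shell=True` the payload is still handed to the system shell, which is exactly the bug.

```python
"""OS command injection in Python: shell string vs. argv list plus validation.

Added example (not from the episode or Fortinet). The "mount" functions are
hypothetical stand-ins for an API handler that passes a server IP and a mount
point to a system command; the command run is Python echoing its arguments.
"""
import ipaddress
import os
import re
import subprocess
import sys

# Stand-in for the real tool: prints each argument on its own line.
ECHO_ARGS = "import sys; print('\\n'.join(sys.argv[1:]))"

# Constructed payload: breaks out of the intended argument under a POSIX shell.
PAYLOAD = "/mnt/data; echo INJECTED"
IS_POSIX = os.name == "posix"


def mount_vulnerable(server_ip: str, mount_point: str) -> str:
    """Deliberately vulnerable: untrusted input is formatted into a shell
    command line, so ';', '|', '$(...)' etc. in either parameter run as shell."""
    cmd = f'{sys.executable} -c "{ECHO_ARGS}" {server_ip} {mount_point}'
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_argv(server_ip: str, mount_point: str) -> list:
    """Argument list, no shell: each value is delivered to the program as one
    argv entry, so shell metacharacters are just bytes in a string."""
    argv = [sys.executable, "-c", ECHO_ARGS, server_ip, mount_point]
    out = subprocess.run(argv, capture_output=True, text=True, check=True).stdout
    return out.splitlines()


# Hypothetical allowlist for a mount point: absolute path, a conservative
# character set, and no '..' segments.
MOUNT_POINT_RE = re.compile(r"/[A-Za-z0-9_./-]+")


def validate(server_ip: str, mount_point: str) -> tuple:
    """Reject anything that is not an IP address or a well-formed mount point.
    Validation is the second layer; the argv list above is the first."""
    ipaddress.ip_address(server_ip)  # raises ValueError on anything else
    if not MOUNT_POINT_RE.fullmatch(mount_point) or ".." in mount_point.split("/"):
        raise ValueError(f"invalid mount point: {mount_point!r}")
    return server_ip, mount_point


def mount_safe(server_ip: str, mount_point: str) -> list:
    """Validated input passed as an argument list."""
    server_ip, mount_point = validate(server_ip, mount_point)
    return run_argv(server_ip, mount_point)


if __name__ == "__main__":
    print("vulnerable:", mount_vulnerable("10.0.0.5", PAYLOAD).splitlines())
    print("argv list :", run_argv("10.0.0.5", PAYLOAD))
    print("validated :", mount_safe("10.0.0.5", "/mnt/data"))
```

On a POSIX system the vulnerable call prints an extra `INJECTED` line because `/bin/sh` split the command at the semicolon; the argv version prints the whole payload as one literal argument, and the validated version refuses it before any command is built. Both layers matter: the argument list removes the shell from the path, and the allowlist keeps the real tool from receiving arguments it was never meant to see (an option like `--something`, or a path outside the intended tree).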