Wednesday, July 21, 2021
IMPROMPTU STATEMENT ON THE STAIRS OF U.S. Capitol Liz Cheney: GOP leader Kevin McCarthy seeking to block real Jan. 6 inves...
Cheney Says McCarthy Shouldn’t Be Speaker After He Pulls Jan. 6 Committee Picks
In remarks outside the Capitol building, Cheney accused McCarthy of “disingenuous” rhetoric, citing his opposition to an independent, bipartisan commission to probe the attack that Senate Republicans blocked in May.
Cheney, who was appointed to the committee by House Speaker Nancy Pelosi earlier this month, said McCarthy has tried to “prevent the American people from understanding what happened” on Jan. 6 at “every opportunity.”
Asked if McCarthy should become speaker if Republicans win the House in 2022, Cheney said the position should go to someone who can demonstrate a “commitment to the Constitution and… the rule of law,” adding that McCarthy “has not done that.”
McCarthy’s move to withdraw all five of his picks came after Pelosi rejected two of them – Reps. Jim Jordan (R-Ohio) and Jim Banks (R-Ind.) – to preserve the “integrity of the investigation.”
Cheney suggested she supported Pelosi’s decision, citing “disgraceful” rhetoric about the committee from Jordan and Banks, who both signaled they intended to be partisan bomb-throwers.
Cheney suggested she supported Pelosi’s decision, citing “disgraceful” rhetoric about the committee from Jordan and Banks, who both signaled they intended to be partisan bomb-throwers.
Key Background
Cheney, the former chair of the House Republican conference, is one of the few vocally anti-Trump members of her party, having voted with nine other Republicans to impeach the ex-president over the Capitol attack. She was ousted as conference chair in May after her colleagues expressed frustration over her willingness to break with McCarthy and criticize Trump.
Tangent
Pelosi declined to say whether she consulted Cheney about her decision to veto Jordan and Banks. She declined to comment when asked about McCarthy pulling his appointments."
Techdirt Scatter-Trashes Axios
As White House Says It's 'Reviewing 230', Biden Admits His Comments About Facebook Were Misinformation
from the of-course,-not-in-those-words dept
"In the never ending stupidity saga, kicked off by the White House picking a fight with Facebook because Facebook hasn't banned 12 individuals (who were named as disinformation dozen by the Center for Countering Digital Hate), things have kicked up a notch -- and nobody involved in the debate seems to know how any of this works. First, the White House has claimed that it is "reviewing Section 230" whatever that means.
"Industry leaders fear net neutrality rules will pave the way for the government to set broadband prices and have argued that the rules deter investment in the sector."
It literally takes about sixty seconds of research to find that this claim was never actually true. . .
"Net neutrality has become an expensive, time-wasting exercise that has little real world effect," Michael Powell, president of cable trade group NCTA, said in a statement. "The drama detracts from focusing on genuine broadband issues, most critically our collective effort to get broadband to communities that lack service."
Again, the "real world effect" was that the FCC was left largely powerless to protect consumers right before a pandemic struck and gave everybody a painful crash course on the importance of broadband. The "real world effect" was that the repeal left federal and state regulators less prepared to rein in billing fraud (like bogus fees) and other harms of mindless monopolization (aka limited competition). And the "real world effect" was that with neither competition nor regulatory oversight to constrain them, regional telecom monopolies doubled down on shitty behavior, price hikes, and layoffs just as most folks predicted.
> Then there's here where Axios quotes a lobbyist busy arguing that doing anything other than letting AT&T dictate all federal telecom policy is doomed to failure:
"Of course, we can all suit up to play another game of ping pong, with yet another administration, but the inevitable years-long regulatory proceeding, exhaustive court challenges and likely trip to the U.S. Supreme Court some three or four years from now serves no one."
. . .And the White House isn't doing anyone any favors by claiming that getting rid of Section 230 would actually help. If anything, it would make things way worse, by vastly cutting back on the ability of websites (including Facebook) to experiment with better approaches to actually minimizing the impact of misinformation on their platforms.
On top of that, as some are noting, this appears to be yet another case of the government trying to cover up its own policy failings by blaming social media. "
Filed Under: content moderation, disinformation, joe biden, kate bedingfield, liability, misinformation, section 230, vaccines
Companies: facebook
YIKES!
Two-for-Tuesday vulnerabilities send Windows and Linux users scrambling
Both OSes have flaws that allow attackers with a toehold to elevate access.
"The world woke up on Tuesday to two new vulnerabilities—one in Windows and the other in Linux—that allow hackers with a toehold in a vulnerable system to bypass OS security restrictions and access sensitive resources.
As operating systems and applications become harder to hack, successful attacks typically require two or more vulnerabilities. One vulnerability allows the attacker access to low-privileged OS resources, where code can be executed or sensitive data can be read. A second vulnerability elevates that code execution or file access to OS resources reserved for password storage or other sensitive operations. The value of so-called local privilege escalation vulnerabilities, accordingly, has increased in recent years.
Breaking Windows
The Windows vulnerability came to light by accident on Monday when a researcher observed what he believed was a coding regression in a beta version of the upcoming Windows 11. The researcher found that the contents of the security account manager—the database that stores user accounts and security descriptors for users on the local computer—could be read by users with limited system privileges.
That made it possible to extract cryptographically protected password data, discover the password used to install Windows, obtain the computer keys for the Windows data protection API—which can be used to decrypt private encryption keys—and create an account on the vulnerable machine. 
The result is that the local user can elevate privileges all the way to System, the highest level in Windows.
“I don’t know the full extent of the issue yet, but it’s too many to not be a problem I think,” researcher Jonas Lykkegaard noted. “Just so nobody is in doubt what this means, it’s EOP to SYSTEM for even sandboxed apps.” . .
The advisory explained:
If a VSS shadow copy of the system drive is available, a non-privileged user may leverage access to these files to achieve a number of impacts, including but not limited to:
- Extract and leverage account password hashes
- Discover the original Windows installation password
- Obtain DPAPI computer keys, which can be used to decrypt all computer private keys
- Obtain a computer machine account, which can be used in a silver ticket attack
Note that VSS shadow copies may not be available in some configurations; however, simply having a system drive that is larger than 128GB in size and then performing a Windows Update or installing an MSI will ensure that a VSS shadow copy will be automatically created. To check if a system has VSS shadow copies available, run the following command from a privileged command prompt:
vssadmin list shadows
Researcher Benjamin Delpy showed how the vulnerability can be exploited to obtain password hashes or other sensitive data:
Q: what can you do when you have #mimikatz🥝 & some Read access on Windows system files like SYSTEM, SAM and SECURITY?
— 🥝 Benjamin Delpy (@gentilkiwi) July 20, 2021
A: Local Privilege Escalation 🥳
Thank you @jonasLyk for this Read access on default Windows😘 pic.twitter.com/6Y8kGmdCsp
Currently, there is no patch available. A Microsoft representative said company officials are investigating the vulnerability and will take appropriate action as needed. The vulnerability is being tracked as CVE-2021-36934. Microsoft said here that exploits in the wild are "more likely."
Et tu, Linux kernel?
Most versions of Linux, meanwhile, are in the process of distributing a fix for a vulnerability disclosed on Tuesday. CVE-2021-33909, as the security flaw is tracked, allows an untrusted user to gain unfettered system rights by creating, mounting, and deleting a deep directory structure with a total path length that exceeds 1GB and then opening and reading the /proc/self/mountinfo file
“We successfully exploited this uncontrolled out-of-bounds write and obtained full root privileges on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation,” researchers from Qualys, the security firm that discovered the vulnerability and created proof-of-concept code that exploits it, wrote. “Other Linux distributions are certainly vulnerable, and probably exploitable.”
The exploit Qualys described comes with significant overhead, specifically roughly 1 million nested directories. The attack also requires about 5GB of memory and 1 million inodes. Despite the hurdles, a Qualys representative described the PoC as “extremely reliable” and said it takes about three minutes to complete.
INSERT >
Linux users may generally be able to say that their computers are more secure than Windows PCs, but that doesn’t mean they’re invulnerable, as this newly-identified exploit demonstrates. Spotted by Qualys, the size_t-to-int type conversion vulnerability likely affects most Linux OSes, the researchers warn.
“Qualys security researchers have been able to independently verify the vulnerability, develop an exploit, and obtain full root privileges on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation,” Bharat Jogi, Senior Manager of Vulnerabilities and Signatures at Qualys, explains. “Other Linux distributions are likely vulnerable and probably exploitable.”
The security team notified Red Hat Product Security of CVE-2021-33909 and CVE-2021-33910, alerting vendors and open-source distribution about the vulnerabilities. If you’re running a Linux system, you should be looking to see if there are patches for your computer as a matter of urgency. A Qualys representative told ArsTechnica that it would take just three minutes or so to undertake the exploit.
Here’s an overview of the exploit:
1/ We mkdir() a deep directory structure (roughly 1M nested directories) whose total path length exceeds 1GB, we bind-mount it in an unprivileged user namespace, and rmdir() it.
2/ We create a thread that vmalloc()ates a small eBPF program (via BPF_PROG_LOAD), and we block this thread (via userfaultfd or FUSE) after our eBPF program has been validated by the kernel eBPF verifier but before it is JIT-compiled by the kernel.
3/ We open() /proc/self/mountinfo in our unprivileged user namespace and start read()ing the long path of our bind-mounted directory, thereby writing the string "//deleted" to an offset of exactly -2GB-10B below the beginning of a vmalloc()ated buffer.
4/ We arrange for this "//deleted" string to overwrite an instruction of our validated eBPF program (and therefore nullify the security checks of the kernel eBPF verifier) and transform this uncontrolled out-of-bounds write into an information disclosure and into a limited but controlled out-of-bounds write.
5/ We transform this limited out-of-bounds write into an arbitrary read and write of kernel memory by reusing Manfred Paul's beautiful btf and map_push_elem techniques from:
https://www.thezdi.com/blog/2020/4/8/cve-2020-8835-linux-kernel-privilege-escalation-via-improper-ebpf-program-verification
Qualys has a separate writeup here.
People running Linux should check with the distributor to determine if patches are available to fix the vulnerability. Windows users should await advice from Microsoft and outside security experts.
MOBILITY OBJECT Citroen: AMI, 100% ELECTRIC MOBILITY ACCESSIBLE TO ALL
- 100% ELECTRIC: zero CO2 emissions for the benefit of all and access to all city centres, with an easy, silent and smooth drive. A battery that charges in just 3 hours from a standard electrical socket, like a smartphone.
- COMPACT AND AGILE: an ultra-compact 2.41m size and 7.20m turning diameter, making city travel and parking simple.
- COMFORTABLE AND PROTECTIVE: small on the outside and large on the inside, Ami enables 2 people to travel side by side comfortably, with an enclosed and heated passenger compartment, very bright, yet protected from the outside.
- ASSERTIVE AND CUSTOMISABLE IDENTITY: its original style, the play on symmetrical structure and its unique presence give Ami a unique character. Its customisation possibilities invite to play with different appearances thanks to the 6 coloured accessory packs available.
MOBILITY FOR ALL
- NO LICENCE: accessible from 14 years old in France (16 years old on average in European countries). With or without a driving licence, Ami is for everyone.
- “A LA CARTE”: Ami is accessible at any time thanks to offers designed to meet each and everyone’s needs, from one minute to one year and more, to share, to rent or to buy.
- AFFORDABLE: ultra-competitive offers adapted to different uses
Long-term rental: €19.99 per month (Ami Ami version; long-term rental of 48 months, initial payment €2,644, ecological bonus of €900 including VAT deducted in France)
Free2Move car-sharing: from €0.26/min (subject to a monthly subscription of €9.90 with no commitment)
Purchase: from €6,000 incl. VAT (Ami Ami version; bonus of €900 including VAT deducted in France)
NEW CUSTOMER EXPERIENCE
- 100% ONLINE JOURNEY: to discover, configure, buy Ami 24/7
- NEW DISTRIBUTION CHANNELS: Ami has a partnership with Fnac and Darty in order to be featured in particpating stores as well within the Citroën participating network. Ami will also meet customers where they are with dedicated mobile test-drive centres.
- HOME DELIVERY: Ami can to be directly delivered at home for added convenience.
-
Flash News: Ukraine Intercepts Russian Kh-59 Cruise Missile Using US VAMPIRE Air Defense System Mounted on Boat. Ukrainian forces have made ...
