This Week In Security: Triangulation, ProxyCommand, And Barracuda

It’s not every day we get to take a good look inside a high-level exploit chain developed by an unnamed APT from the western world. But thanks to some particularly dedicated researchers at Kaspersky, which just happens to be headquartered in Moscow, that’s exactly what we have today. The name Operation Triangulation was picked, based off part of the device fingerprinting code that rendered a yellow triangle on an HTML canvas.

The entire talk is available, given this week at the 37th Chaos Communication Congress, 37c3. The exploit starts with an iMessage attachment, delivered silently, that exploits an undocumented TrueType font instruction. Looking at the source code implies that it was a copy-paste error where a programmer didn’t quite get the logic right for a pointer calculation. That vulnerability gives a memory write primitive that pivots into code execution. What’s particularly interesting is that Apple silently fixed this bug January 2023, and didn’t make any public statements. Presumably there were an uptick of crash logs that pointed to this problem, but didn’t conclusively show attempted exploitation.

The exploits then moves to using NSExpression as a next stage. NSExpression is an ugly way to write code, but it does allow the exploit chain to get to the next stage, running JavaScript as an application, without Just In Time compilation. The JS payload is quite a beast, weighing in at 11,000 lines of obfuscated code. It manages to call native APIs directly from JS, which then sets up a kernel exploit. This is multiple integer overflow flaws that result in essentially arbitrary system memory reads and writes. Continue reading “This Week In Security: Triangulation, ProxyCommand, And Barracuda”

The Gopher Revival Is Upon Us

A maxim for anyone writing a web page in the mid 1990s was that it was good practice to bring the whole thing (including graphics) in at around 30 kB in size. It was a time when the protocol still had some pretence of efficient information delivery, when information was self-published, before huge corporations brought everything under their umbrellas.

Recently, this idea of the small web has been experiencing something of a quiet comeback. [Serge Zaitsev]’s essay takes us back to a time before the Internet as we know it was born, and reminds us of a few protocols that have fallen by the wayside. Finger or Gopher, both things we remember from our student days, but neither of which was a match for the browser.

All is not lost though, because the Gemini protocol is a more modern take on minimalist Internet information sharing. It’s something like the web, but intentionally without the layer upon layer of extraneous stuff, and it’s been slowly gathering some steam. Every time we look at its software list it becomes more extensive, and we live in hope that it might catch on for use with internet-connected microcontroller-based computing. The essay is a reminder that the internet doesn’t have to be the web, and doesn’t have to be bloated either.

Generating 3D Scenes From Just One Image

The LucidDreamer project ties a variety of functions into a pipeline that can take a source image (or generate one from a text prompt) and “lift” its content into 3D, creating highly-detailed Gaussian splats that look great and can even be navigated.

Gaussian splatting is a method used to render NeRFs (Neural Radiance Fields), which are themselves a method of generating complex scenes from sparse 2D sources, and doing it quickly. If that is all news to you, that’s probably because this stuff has sprung up with dizzying speed from when the original NeRF concept was thought up barely a handful of years ago.

What makes LucidDreamer neat is the fact that it does so much with so little. The project page has interactive scenes to explore, but there is also a demo for those who would like to try generating scenes from scratch (some familiarity with the basic tools is expected, however.)

In addition to the source code itself the research paper is available for those with a hunger for the details. Read it quick, because at the pace this stuff is expanding, it honestly might be obsolete if you wait too long.