Infosec Decoded Season 3 #68: BGP Flaws

With @sambowne@infosec.exchange

Tue, Aug 29, 2023

Sam Bowne

Grave flaws in BGP Error handling
BGP defines over 32 route attribute types, 14 of them deprecated and 209 type codes officially unassigned. A router that receives an UPDATE carrying an optional, transitive attribute it doesn't understand simply passes it along unchanged. That makes a "wormable" BGP attack possible: a malicious UPDATE traverses intermediate routers untouched until it reaches a target router that does understand the attribute and processes it insecurely; in the worst case the target tears down the BGP session, withdrawing every route learned over it. By fuzzing attribute encodings, the author found vulnerable implementations from Juniper, Nokia, FRR, OpenBSD (OpenBGPD), and Extreme Networks. The vendor response to these disclosures was very disappointing.

Aggressive Cancer Cells Transformed Into Healthy Cells in Breakthrough
Rhabdomyosarcoma is a type of cancer most often seen in children and adolescents. Differentiation therapy grew out of the observation that leukemia cells are not fully mature, resembling undifferentiated stem cells that have not yet developed into a specific cell type; the therapy forces such cells to continue their development and differentiate into mature cell types. In this study the same approach was applied to rhabdomyosarcoma cells, turning them into healthy muscle cells.

Computer scientists develop open-source tool for dramatically speeding up the programming language Python
Programs written in Python are notoriously slow: up to 60,000 times slower than code written in other programming languages. The new profiler "Scalene" efficiently identifies exactly where Python is lagging, so programmers can troubleshoot and streamline their code for higher performance. Once Scalene has identified where Python is having trouble keeping up, it uses AI, the same technology underpinning ChatGPT, to suggest ways to optimize individual lines or even groups of lines.

GM is using Google’s AI chatbot to handle simple OnStar calls
The use of AI chatbots to handle navigation requests has freed up OnStar operators to field more complex queries, including requests for emergency services.

Amazon CEO reportedly told remote employees: ‘It’s probably not going to work out’
Amazon ordered its employees back to the office three days per week starting in May. CEO Andy Jassy reportedly said employees who don't want to comply can leave. “It’s not right for all of our teammates to be in three days a week and for people to refuse to do so,” Jassy stated.

IBM’s CEO, who froze hiring for thousands of back-office jobs and predicted A.I. would take up to 50% of new jobs, just piled into a $4.5 billion tech unicorn’s Hugging Face massive new $235 million funding round

Natural ways to lower high blood pressure might be better than medicine, researchers say
Only about one in four of the 122 million Americans with high blood pressure have the condition under control. A study from Japan found that moderate physical exercise for just 30 to 60 minutes per week lowered blood pressure in people with untreated hypertension, and 61 to 90 minutes lowered it further. Over time, regular exercise can be more effective than medication. Beyond exercise, experts recommend cutting salt intake.

A Brazilian phone spyware was hacked and victims’ devices ‘deleted’ from server
The Portuguese-language stalkerware app WebDetetive had been used to compromise more than 76,000 phones. Hackers broke into WebDetetive’s servers, enumerated and downloaded every dashboard record, including every customer’s email address, and then deleted the victim devices from the spyware network altogether, severing the connection at the server level so the devices could no longer upload new data. "Which we definitely did. Because we could. Because #fuckstalkerware," the hackers wrote.

Elon Musk’s FSD v12 demo includes a near miss at a red light and doxxing Mark Zuckerberg
The 45-minute video was meant to demonstrate v12 of Tesla’s Full Self-Driving but ended up as a list of things not to do while using FSD. Musk also broke Tesla’s own rules for drivers using FSD: by filming the drive himself from the driver’s seat and interacting with Twitter commenters along the way, he ignored his company’s guidance that drivers keep their hands on the steering yoke at all times.

San Francisco Tech Bros Host Testosterone-Testing Parties—Is It Junk Science?
Studies say men today generally have less testosterone than previous generations of men. T-Party founder Tang said he has tested blood for dozens of men at three events: first in Colombia, then in New York City, and most recently in tech haven San Francisco. Tang wants men to reduce their dependence on pills and supplements and adopt a "natural" approach built on healthy habits that can help raise testosterone levels.