If we test with our own custom WDAC rules, we can confirm that all of the allowed properties to block by are indeed obeyed by Windows. Specifically:
Hash, FileName, FilePath, SignedVersion, PFN, Publisher, FilePublisher, LeafCertificate, PcaCertificate, RootCertificate, WHQL, WHQLPublisher, WHQLFilePublisher
When we test these blocking techniques individually, they all seem to work fine, including blocking by signing cert (FilePublisher). So this suggests that WDAC blocking by signing cert is not broken, but rather there's something broken about the Microsoft recommended driver block rules list when it's not enforced by HVCI.
However, in the process of testing individual blocking techniques, I've discovered a third vulnerability. On a system that is successfully using the FilePath WDAC blocking directive, if I enable HVCI, that block will suddenly stop blocking.
That is, while turning on HVCI is a wise move across the board, this is a specific case where having HVCI enabled is ironically less secure than having it off. The Microsoft recommended driver block rules don't have any entries based on FilePath, so this block list is unaffected by this problem. But surely there's somebody out there with FilePath block rules that is unknowingly missing protection on systems with HVCI enabled.
To eliminate variables, I got these screenshots by starting with a system that has a working FilePath WDAC block enabled, and simply enabling HVCI on that same system. The mere act of enabling HVCI on a system causes a working FilePath rule to stop working.
It truly is bugs all the way down, but just to summarize what we've discovered after pulling a thread about blocked drivers not being blocked:
I'm trying to get a Raspberry Pi Zero W updated to Alpine Linux 3.21, and it is not so much working.
It's supposed to be offering a console via USB gadget serial, but it doesn't seem to be booting far enough to do so. 😕
Maybe it just needs a very long time?
According to Hajime Isayama, the creator of Attack on Titan, the idea for the Titans themselves came to him when he encountered a drunk customer at the internet café where he was working.
It is seriously insane, that I heard such a huge spoiler without even realizing it. Sure... Alcohol turned the guy into a monster. :pepelol:
Thanks, Kevin. I had anticipated the max rate.
Clearly, once again, it isn't a law for the rich, but for the poorer masses of the population.
Other advanced nations foresee a fine calculated on the daily rate of income, e.g. in Germany.
9 violations already, with no end in sight, this law is clearly not working.
It's good to hear, though, that there's something else in store for #TFG, as he'll surely continue to ignore gag orders.
Dear #Fediverse,
I'm looking for a page on the Internet, which lists dozens of different activities and methods on new ways of working.
It was gathered under a known term (two words?). The page has a table with many activities, all represented with a small square black and white symbol.
Can anybody give me a nudge in the right direction? Might be related to Holacracy as well?
(Update: Found it, see my reply)
@aenea @scrappy_capy_distro There are cops everywhere and there always have been. The problem is that Germans are so terrified of going to jail that they let the existence of cops prevent them from any building of community, any proposal of action. Which is of course the reason for the cops in the first place, counter-insurgency 101: The snitches are not there to catch people who punch nazis, they're there to make people too paranoid to propose punching nazis. It's working.
It's "security culture" converted into an excuse to prioritise individual interests. Go to a Kurdish meeting some day--don't worry, unlike Germans they're open to outsiders and to different opinions--and see how expansively they organise, how welcoming of new people. And then realise that they are under *way* stronger surveillance and face *way* stronger repression than white German antifa ever will.