Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mk.asie.pl/notes/9rvrcwrapu">asie (asie@mk.asie.pl)'s status on Wednesday, 10-Apr-2024 02:05:03 JST</a><a href="https://mk.asie.pl/@asie" title="asie@mk.asie.pl"><img src="https://gnusocial.jp/theme/gnusocialjp/default-avatar-stream.png" width="48" height="48" alt="asie" style="position: absolute; left: 0; top: 0;">asie</a><div><a href="https://cyberplace.social/@GossiTheDog/112240133594100004" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://cyberplace.social/@GossiTheDog">@GossiTheDog@cyberplace.social</a> The wild part is that this exploit was introduced in a firmware update in 2021, with seemingly no actual usecase other than to be exploited?<br><br><a href="https://github.com/PretendoNetwork/SSSL/">https://github.com/PretendoNetwork/SSSL/</a><br><br>"As of 5.5.5, CA's crafted in a specific way may take a newly introduced alternate path for verification. This allows for a CA's signature to not be verified correctly. Instead, the Wii U simply checks if the CA matches one already known by the system, but not the signature or contents of the CA. We have no idea why this change was made, as it does not benefit Nintendo at all. It almost feels intentional."</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2915331#notice-5802009">In conversation</a><time datetime="2024-04-10T02:05:03+09:00" title="Wednesday, 10-Apr-2024 02:05:03 JST">about 8 months ago</time> <span>from <span><a href="https://mk.asie.pl/notes/9rvrcwrapu" rel="external" title="Sent from mk.asie.pl via ActivityPub">mk.asie.pl</a></span></span><a href="https://mk.asie.pl/notes/9rvrcwrapu">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: opengraph.githubassets.com</div><h5><a href="https://github.com/PretendoNetwork/SSSL/">GitHub - PretendoNetwork/SSSL</a></h5><div></div></header><div>Contribute to PretendoNetwork/SSSL development by creating an account on GitHub.</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
asie (asie@mk.asie.pl)'s status on Wednesday, 10-Apr-2024 02:05:03 JSTasie
in reply to
- Kevin Beaumont
@GossiTheDog@cyberplace.social The wild part is that this exploit was introduced in a firmware update in 2021, with seemingly no actual usecase other than to be exploited?

https://github.com/PretendoNetwork/SSSL/

"As of 5.5.5, CA's crafted in a specific way may take a newly introduced alternate path for verification. This allows for a CA's signature to not be verified correctly. Instead, the Wii U simply checks if the CA matches one already known by the system, but not the signature or contents of the CA. We have no idea why this change was made, as it does not benefit Nintendo at all. It almost feels intentional."
In conversationabout 8 months ago from mk.asie.plpermalink
Attachments
1. Domain not in remote thumbnail source whitelist: opengraph.githubassets.com
  GitHub - PretendoNetwork/SSSL
  Contribute to PretendoNetwork/SSSL development by creating an account on GitHub.

Public

Embed Notice

HTML Code

Corresponding Notice