Today I have spent way too much time handling the https://copy.fail situation #copyfail
The persons who discovered it didn't notify the distribution security list, so no patched kernels was available for people to install when they released it.
But they did have time to write an exploit, and thought it was a good idea to distribute that on day one, before vendors had time to provide patches.
I'm not very impressed with xint.io, I guess it's the marketing department that runs the show.
@alexanderkjall they also had time to obfuscate their exploit.
@fun @alexanderkjall It's minified rather than obfuscated, I think they did that just so they could say it was only 732 bytes.
It's also likely that they just asked an LLM to minify it, given that the whole article was so obviously AI-generated and not even proofread (it originally claimed to have been tested on RHEL 14.3, which does not exist)
It's also likely that they just asked an LLM to minify it, given that the whole article was so obviously AI-generated and not even proofread (it originally claimed to have been tested on RHEL 14.3, which does not exist)
@noisytoot @alexanderkjall it's also obfuscated IMO. Why need to zlib.decompress ? Can't you give us the data itself without compression?
A bunch of variables also have quite meaningless names. It really does scream a lot like obfuscation.
A bunch of variables also have quite meaningless names. It really does scream a lot like obfuscation.
@fun @alexanderkjall both of those are for minification: if it used descriptive variable names and didn't compress the payload it would have been longer than 732 bytes
@noisytoot @alexanderkjall it's just not serious
Follow
@fun @noisytoot @alexanderkjall It is not serious, but OTOH the exploit is simple enough that it's still relatively easy to decipher.
