DLK Posts

ventoy

Ventoy

A New Bootable USB Solution

What is Ventoy

Ventoy is an open source tool to create bootable USB drive for ISO/WIM/IMG/VHD(x)/EFI files.
With ventoy, you don’t need to format the disk over and over, you just need to copy the ISO/WIM/IMG/VHD(x)/EFI files to the USB drive and boot them directly.
You can copy many files at a time and ventoy will give you a boot menu to select them.
You can also browse ISO/WIM/IMG/VHD(x)/EFI files in local disks and boot them.
x86 Legacy BIOS, IA32 UEFI, x86_64 UEFI, ARM64 UEFI and MIPS64EL UEFI are supported in the same way.
Most types of OS supported (Windows/WinPE/Linux/ChromeOS/Unix/VMware/Xen…)
940+ image files are tested,     90%+ distros in distrowatch.com supported,

ventoy.net

The Rolling PWN

INTRODUCTION

Modern vehicles are often equipped with a remote keyless entry system. These RKE systems allow unlocking or starting the vehicle remotely. The goal of our research was to evaluate the resistance of a modern-day RKE system. Our research disclosed a Rolling-PWN attack vulnerability affecting all Honda vehicles currently existing on the market (From the Year 2012 up to the Year 2022). This weakness allows anyone to permanently open the car door or even start the car engine from a long distance.

The Rolling-PWN bug is a serious vulnerability. We found it in a vulnerable version of the rolling codes mechanism, which is implemented in huge amounts of Honda vehicles. A rolling code system in keyless entry systems is to prevent replay attack. After each keyfob button pressed the rolling codes synchronizing counter is increased. However, the vehicle receiver will accept a sliding window of codes, to avoid accidental key pressed by design. By sending the commands in a consecutive sequence to the Honda vehicles, it will be resynchronizing the counter. Once counter resynced, commands from the previous cycle of the counter worked again. Therefore, those commands can be used later to unlock the car at will.

rollingpwn.github.io/rolling-pwn/

github.com/nonamecoder/CVE-2022-27254

hacked law enforcement email systems gives hackers access to personal User Data From Apple, Meta and many more

Apple and Meta provided basic subscriber details, such as a customer’s address, phone number and IP address, in mid-2021 in response to the forged “emergency data requests.” Normally, such requests are only provided with a search warrant or subpoena signed by a judge, according to the people. However, the emergency requests don’t require a court order.

https://www.bloomberg.com/news/articles/2022-03-30/apple-meta-gave-user-data-to-hackers-who-forged-legal-requests

There is a terrifying and highly effective “method” that criminal hackers are now using to harvest sensitive customer data from Internet service providers, phone companies and social media firms. It involves compromising email accounts and websites tied to police departments and government agencies, and then sending unauthorized demands for subscriber data while claiming the information being requested can’t wait for a court order because it relates to an urgent matter of life and death.

https://krebsonsecurity.com/2022/03/hackers-gaining-power-of-subpoena-via-fake-emergency-data-requests/