Archive for September 5, 2022

Monday, September 5, 2022

Peter Eckersley, RIP

Seth Schoen (via Hacker News, Slashdot):

I’m devastated to report that Peter Eckersley (@pde), one of the original founders of Let’s Encrypt, died earlier this evening at CPMC Davies Hospital in San Francisco.

Peter was the leader of EFF’s contributions to Let’s Encrypt and ACME over the course of several years during which these technologies turned from a wild idea into an important part of Internet infrastructure. He also took a lot of initiative in coalescing the EFF, Mozilla, and University of Michigan teams into a single team and a single project. He later served on the initial board of directors of the Internet Security Research Group.

You can find a very abbreviated version of this history in the Let’s Encrypt paper, to which Peter and I both contributed.

Web Pages Can Overwrite Your Clipboard

Jeff Johnson:

Chrome is currently the worst offender, because the user gesture requirement for writing to the clipboard was accidentally broken in version 104. A public demonstration of the brokenness has been posted on Web Platform News. If you simply visit the demonstration page in Google Chrome or a Chromium browser, then your system clipboard will be overwritten with the text below.

[…]

If the user gestures were limited to the keyboard shortcut for copy (⌘C on the Mac) or selecting the “Copy” command in a menu (main or contextual), that might be fine. But the gestures are not strictly limited in this way. In my testing, the following DOM events give a web page permission to use the clipboard API to overwrite your system clipboard[…] Therefore, a gesture as innocent as clicking on a link or pressing the arrow key to scroll down the page gives the web site permission to overwrite your system clipboard!

Using Environment Variables to Find Escaped Processes

Ben Martin:

Now what happens when the program crashes during a test? The developer is happy because they found a bug before submitting it. But the machine may not be. This type of crash will often leave behind child processes which will quickly gunk up the server, causing other tests to fail in unexpected ways. We need to find and terminate these stray processes or work will quickly grind to a halt.

[…]

Environment variables are one of the key ways that we can get information into a process when it launches.

[…]

When the process finishes, search for any processes by the current user that have the right environment variable/value combination

Kill all the escaped processes you found

However, as of macOS 11, System Integrity Protection prevents reading other processes’ environment variables—probably for the best.
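The tag-and-sweep procedure quoted above, written out for Linux as an added example (it is not code from Ben Martin's post or from this blog): the launcher tags the test with a unique environment value, then scans `/proc/<pid>/environ` for processes that inherited it and kills them. The variable name `TEST_RUN_ID`, the function names and the leaky demo command are assumptions made for illustration.

```python
import os, signal, subprocess, sys, uuid

MARKER = "TEST_RUN_ID"  # hypothetical variable name, not from the original post

def parse_environ(blob: bytes) -> dict:
    """Decode a NUL-separated /proc/<pid>/environ blob into a dict."""
    env = {}
    for entry in blob.split(b"\0"):
        key, sep, value = entry.partition(b"=")
        if sep:  # skips the empty entry after the trailing NUL
            env[key.decode(errors="replace")] = value.decode(errors="replace")
    return env

def find_tagged(value, marker=MARKER, proc_root="/proc"):
    """Return PIDs owned by the current user whose environment has marker=value."""
    hits = []
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue
        path = os.path.join(proc_root, name, "environ")
        try:
            if os.stat(path).st_uid != os.getuid():
                continue
            with open(path, "rb") as fh:
                env = parse_environ(fh.read())
        except OSError:  # process exited, or the kernel denied the read
            continue
        if env.get(marker) == value:
            hits.append(int(name))
    return sorted(hits)

def run_and_reap(cmd):
    """Run cmd tagged with a fresh ID, then kill whatever it left behind."""
    run_id = uuid.uuid4().hex
    subprocess.run(cmd, env={**os.environ, MARKER: run_id})
    strays = find_tagged(run_id)
    for pid in strays:
        try:
            os.kill(pid, signal.SIGKILL)
        except ProcessLookupError:
            pass  # exited between the scan and the kill
    return strays

if __name__ == "__main__":
    # Constructed demo: the child starts a detached `sleep` and exits at once.
    leaky = [sys.executable, "-c",
             "import subprocess; subprocess.Popen(['sleep', '60'], start_new_session=True)"]
    print("killed stray PIDs:", run_and_reap(leaky))
```

`/proc/<pid>/environ` reflects the environment a process was started with, which is what makes an inherited marker usable; a descendant that deliberately clears its environment before exec will not be found this way.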

PayPal Phishing Scam Invoices

Brian Krebs:

While the phishing message attached to the invoice is somewhat awkwardly worded, there are many convincing aspects of this hybrid scam. For starters, all of the links in the email lead to paypal.com. Hovering over the “View and Pay Invoice” button shows the button indeed wants to load a link at paypal.com, and clicking that link indeed brings up an active invoice at paypal.com.

Also, the email headers in the phishing message (PDF) show that it passed all email validation checks as being sent by PayPal, and that it was sent through an Internet address assigned to PayPal.

The e-mail really is sent through PayPal. The trick is that it encourages you to call a phone number, where they tell you to download remote control software.