Bogus CVE. Spam.

From the PoC:

Replace the original DLL (such as Notepad++\plugins\NppExport\NppExport.dll) with a DLL file with the same name containing malicious code

If you replace parts of a program with malware then you can get malware to run. This is true of all software.

Direct metal liquid contact from pin to pin! I love it.

(Not to mention how satisfying it is to get a pile of undamaged ICs after recycling)

Read-only, or the ability to edit filenames & upload files?

Read only: as per other answers here, basically any HTTP server. The easiest one I know would be darkhttpd, because it requires no config files and can be run without root.

Read write: I like WFM https://github.com/tenox7/wfm

I swear that I read that white lead oxide is water soluble, thus happily sticks to your fingers and then gets on your food. I must be misremembering.

Maybe it was something about the solid lead object turning into an (oxide) powder that can then be easily ported as tiny particles on greasy hands? Hearsay science and safety information from me today :)

The fun thing about Pb is it’s relatively safe in pure form. Unfortunately the oxides that appear on its surface are water soluble and love entering our bodies.

Just looked this up, apparently I’m completely wrong. Maybe I was thinking about lipid compatibility? Not sure now.

Welcome to security news theatre :(

I don’t think espressif would bother suing, these kind of misshapen claims get constantly made against popular projects all of the time. It’s just unusual to see so much coverage about this particular one.

Not so say that externally attackable vulnerabilities in an ESP32 don’t exist, they might. Bluetooth devices have an awful track record. But making them up doesn’t help the world.

Bleepingcomputer’s title and article are very misleading, the presentation did NOT reveal a backdoor into an ESP32. It looks like Bleepingcomputer completely misunderstood what was presented (EDIT: and tarlogic isn’t helping with the first sentence on their site).

Instead the presentation was about using an ESP32 as a tool to attack other devices. Additionally they discovered some undocumented commands that you can send from the ESP32 processor to the ESP32 radio peripheral that let you take control of it and potentially send some extra forms of traffic that could be useful. They did NOT present anything about the ESP32 bluetooth radio being externally attackable.

Another perspective that might help: imagine you have a cheap bluetooth chipset that is open source and well documented. That would give you more than what the presentation just found. Would Bleepingcomputer then be reporting it’s a backdoor threatening millions of devices?

It looks identical to me. Same size before clicking, same size after right clicking -> Open image in new tab.

*mooshrooms

Replacing a TCP socket with a UNIX socket doesn’t affect the amount of headers you have to parse.

We rented our technology and could not read nor write.

Something weird https://ace-ev.com.au/

• Claim to be “made in Australia”
• Don’t provide any photos of their production line or factory.
• Underpowered (max speed 100kmph)

Perhaps imported and then assembled in Australia?

Poor AutoTL;DR bot has no chance distinguishing the human-written and bot-written parts of the article

25/10 for 65AUD/m (43USD/m). Australia, NBN (monopoly across entire country, technically government owned but run like a private corp because of politics). It’s the lowest speed now available, but it’s already overpriced. $780/year is far more than all of my wifi capable equipment is worth together, including laptops.

Ah thanks, sorry, I was thinking of my MK3.

Are you turning off the magnetic ABL, or using it through the garolite?

So this problem is intermittent? Eep. If you’re lucky enough to be able to capture a video of the full home and print start when the problem occurs then that might help; but that might be difficult.

https://halestrom.net/darksleep/blog/054_nvme/

Summary: two Silicon Power P34A80’s died within a few months of use, the second one was the warranty replacement of the first. In both cases sectors suddenly became permanently unreadable.

Yay. It’s so much nicer to go through these routes, especially when the have extra info. Youtube just wants you to watch more junk.

Gamersnexus used to do this, then they just abandoned their site. I think they’re using it again now but as a companion, it doesn’t link to their videos?

“Thou has missed daily prayers for two whole weeks”