PEAKS Newsletter No. 5

Hi there!

A quick introduction: this issue is packed with eBPF goodness. Enjoy!

🛡️ Security & Privacy

  • Airbnb had 35,000 support tickets regarding surveillance devices found by customers in Airbnb properties in the last decade. More here.
  • An Authy (2FA app) vulnerability allowed an attacker to obtain the phone numbers of 33 million users. More here.
  • CVE-2024-0132 - Critical bug in Nvidia Container Toolkit allows container escape, affecting 33% of cloud environments. Fixed in v1.16.2. High severity (9.0/10). Potential for system takeover if exploited. More details here.
  • A critical Linux vulnerability in CUPS allows remote, unauthenticated attackers to execute arbitrary commands on targeted computers. Security researcher Simone Margaritelli discovered this issue and provided a detailed analysis here.
  • An amateur astronomer has been photographing suspected spy satellites in low-Earth orbit using a large Dobsonian telescope. His images are detailed enough to reveal the satellites' shapes, sizes, and features like antennas and solar panels. While many satellites' orbits are public, spy satellites' paths are not, but they can still be located and are visible to anyone. More details here.
  • The Arc browser faced a critical security issue, discovered and documented by researcher xyz3va here. In response, the company significantly increased the bounty payout from $2,000 to $20,000 USD and implemented preventive measures. More details here.
  • Here is a worthwhile article for eBPF enthusiasts. It discusses whether eBPF could have mitigated the CrowdStrike Blue Screen incident. The answer? Well, maybe. However, eBPF has also been a cause of these kinds of problems, as seen in this case. All in all, it's risky to inject custom code into the kernel, and the eBPF infrastructure isn't perfect—it can have bugs. In this scenario, only better testing might help.

⚒️ Tools

  • bpfmemapie - get the memory used by BPF maps in pie chart format.
  • ebpfangel - research project that offers protection against ransomware attacks on Linux platforms. It leverages eBPF and machine learning.
  • bpfman - an eBPF manager that simplifies the deployment and administration of eBPF programs. It works on single hosts or Kubernetes clusters.
  • pixie - debugging tool for applications on Kubernetes. It’s open-source and based on eBPF, of course.
  • DeepFlow - observability tool for cloud applications which provides a ton of useful metrics, collected with eBPF.
  • Multipass - run Ubuntu VMs on ARM CPUs (including Apple M-series chips). Find detailed setup instructions here. I use this to run Ubuntu on my M1 Pro in command-line mode, and it works perfectly.
  • ImHex - A powerful and feature-rich hex editor written in C++. Watch a quick demo here.
  • BagBuilds - A backpack containing comprehensive equipment for analyzing and hacking radio signals.
  • Marblism - A no-code app development platform that supports integration with multiple services, including the OpenAI API and Stripe payments.
  • Perplexity is an AI-powered search engine designed to provide users with accurate, real-time answers to their questions. It functions as a conversational partner, allowing users to ask anything and receive comprehensive, easily digestible responses. Moreover, each response includes citations linked to the original sources, enhancing transparency and allowing users to verify information easily. I really like it and have been using it for two weeks now. It's definitely become part of my daily toolkit.

🛸 Tech

  • Cisco acquired Isovalent, a key player in open source observability and security solutions based on eBPF. Isovalent is actively involved in eBPF development and owns awesome projects like Cilium and Tetragon. More details here.
  • Regain visibility into Kubernetes by using IBM SevOne 7.0 and Red Hat NetObserv. More here.
  • Great eBPF introduction and reverse engineering example here.
  • If you're interested in eBPF, you'll enjoy this article exploring potential future enhancements for eBPF over the next decade.
  • Chinese researchers tracked a DJI Phantom 4 Pro drone by observing disturbances in electromagnetic signals from Starlink satellites caused by aircraft passing through them. They claim this method could track US stealth fighters like the F-22. However, this doesn't pose a significant military concern, as it can't provide precise locations for such rapidly moving targets. More details here.
  • The Wall Street Journal reports Qualcomm has approached Intel regarding a possible takeover. This news has had a significant impact on the semiconductor industry, leading to notable stock price fluctuations for both companies. Source here.

📐 Misc

  • Jakow Trachtenberg's mental math system, developed in a concentration camp, uses simple counting for rapid calculations. It eliminates multiplication tables, offering speed and accuracy. The method's efficiency challenges traditional arithmetic approaches. More details here.