Mediatek, more like mediarekt. blog.sonicwall... blog.coffinsec... 🏫 COURSES 🏫 Learn to code in C at lowlevel.academy 🔥 SOCIALS 🔥 Come hang out at lowlevel.tv
no way haha lowlevel.academy is really cool !?
The community is divided about your name change. Here's my proposal for a compromise:
Low Level Lear
Are range checks always on in Rust, plus do they also exist for all kinds of buffers?
It's neat that you went to Twitchcon with the CEO of Jurassic Park. 🥰
I think in the future businesses will run Linux servers and not Windows servers.
Just out of interest.
You provide good courses, but sadly, the only payment options are, I'm gonna call them, the American payment systems (cash app, visa, American bank).
So to the question: will there ever be any other payment options? (SEPA, direct transfer, PayPal, etc)
Anyways, nice video, always great content, and all of you have a great day.
He dropped "learning" because it's been nearly half a century and people still haven't learned how not to index an array out of bounds
HA
This comment wins
@@amadzarak7746 you win
>still haven't learned how not to index an array out of bounds
Some people should only program in BASIC, it won't let you write out of bounds, you have to fight and sabotage BASIC to do so.
Yeah... I think we should just collectively stick to bound-checked languages at this point...
He has stopped learning. There is nothing left to learn. He has reached the lowest level.
it's true i am immortal
🤨🤨🤨
Calling your level lowest possible is a huge compliment who understands it. :D
they say you can't fall lower than binaries
I wonder if he's gonna correct the "I was right." video, where he was wrong.
rip low level learning. you would've loved low level 😔
Nah I was his classmate in school, everyone called him low level
Even the teacher calls him low level
low level is no longer learning
Yea, just low level content 😂
Nahh it‘s a fine name, the old one was good already tho.
Brain is no longer braining.
a new low
It's only downhill to a lower level from here
bro's gonna make a surprise video showing a modern CPU through microscopes and find hardware vulnerabilities
Aww, it's like when "it's okay to be smart" rebranded to "Be Smart" .
Low level learning was quite good, low level is fine though. Low level learning is stuck on my tongue though it's so fun to say:
lowlevellearning lowlevellearning
At this point, all IDEs and compilers should issue a warning for all memcpy, memmove and DMA operations if they do not have a length limit check immediately before them.
Ten minutes later, the devs will disable those warnings at the project level, because obviously they are smart enough that their code does not have such bugs.
@@angrydachshund That's what I do 👍
@@angrydachshund -Wno-warning-i-know-better
IDE alerts the FBI when you make such mistakes and you get swatted.
"you know it's being more openly monitored", why is there an assumption that most open source code is actually monitored?
It's monitored, by like 2 people, dev and the gvmt agent on his way to make a name with a new fancy backdoor 😂
@@avarise5607 So 2 eyes now!
Most people confuse "it is monitored" with "it can be monitored"
@@tablettablete186 better than 5 eyes
For me, it's not about someone having done an audit of the code - it's about being able to tear a thing out and replace it with something else, including your own binary.
Not sure how I feel about the rebrand, but I'm generally terrified of change, so even a YouTuber deciding to remove eight letters from their name can be too much for me sometimes, haha.
I am too, but that's life :)
Same, i have force awakening poster in my room, i haven't watched the movie (maybe snippets on TV) i don't plan to since (from what i've heard) it's rather shitty movie, but i have it since middle school (or rather polish equivalent thereof) and i'm 22 in December so now removing it triggers my sentimentality
It's just a nice change it's a rebrand without the word A.I or Cloud afterwards. 😅
You have replaced about 330 billion cells in your body over the last 24 hours. You are not even the same person you were 30 minutes ago 😅
@@moveonvillain1080 you are really only a story you tell to yourself, or rather your new self. Ponder. Time for beer!
next up: Low, just low
shorty got low
LPL: This is Lockpicking, and today...
FW: Thanks for turning in for Forgotten, I'm iMac...
And of course SteveMRE1988 becoming just Steve
she hit the flo
Vanilla OpenWRT is not affected by this, as it uses open source mt76 driver with hostapd. wapp is part of Mediatek's proprietary driver
Who goes to New Jersey for vacation?
I hear the shore is a pretty exciting place
You do if your priest assigned it as penance.
Was thinking the same thing. Who would want to go on holiday anywhere in the USA (Montana being a notable exception!)... I'd rather spend a week in a septic tank 😅
@@NotMarkKnopfler Upper Michigan, New Hampshire and Pacific Northwest are quite beautiful too.
@@Lutz64 I'll deal with the state if I get to see the ship.
The reason why lots of those "security features" like ASLR and the oft-mentioned IOMMU aren't enabled for low level things that interact with the real world is that they're inconsistent against the real world they interact with. Lots of those make a jittery mess in terms of response times. Webdevs think those are just one-click enables because the Web is a jittery mess anyway, but not everything in the world is.
@@すどにむ 🤣🤣🤣🤣
Might be showing my age, but WAP will always mean 'like the internet, on a Nokia 3310, but somehow worse than that implies' to me.
Please stop referring to forks of OpenWrt as OpenWrt, it would be the same as referring to Mint, Zorin, Pop! as Ubuntu. OpenWrt is not vulnerable to this. Additionally OpenWrt 19.x and 21.x are no longer supported, but regardless they are not vulnerable as they are not using Mediatek's proprietary SDK - the only thing with the bug. The mitigations are available as they are used by default in OpenWrt and Mediatek forked from it.
This. I've been clenching for a while because I thought I would need to patch my router before visiting the office. Turns out this is a complete non-story. Openwrt has nothing to do with this vuln. I will go and release my babies now.
It's pretty surprising how low level the fact checking is on this channel.
A MediaTek chip has a hole in it. The world yawns.
Ed: *Drop "Learning"*
Literally Everyone: My Disappointment is Immeasurable and My Day is Ruined.
SHARP suit my dude
Having a good day
LLL releases a new vid
Misery resumes
Having a good day
LL releases a new vid
Misery resumes
Actually 🤓☝️ it’s LL now
Edit: Nooo someone beat me to it
I understand why you rebranded to Low Level. However, my 2 cents is that I prefer Low Level Learning😔
in my head this guy will forever be the tech bro version of nick from the yard
Next rebrand: Low
that's too hard to say.
Next Next rebrand: L
After that, "L".
“Low Level Learning” speaks to SEO and reconciling your content vertical with viewer behavioral telemetry. Both might be more important than reconciling your content with how humans parse ease and memorability.
Low Level Learning is both easy to remember and has a better ring to it, I really can't see any pros to dropping it, like, at all.
Bro have you been hacked? What are you talking about? You starting a new "Tay SEO Tips" channel or something, and you're testing the waters in the YouTube comments?
@@9hoot789 he is referring to discovery by search engines and recommendation algorithms, as opposed to traditional branding/word of mouth
Keep bringing us that chocolate rain in the comments bro.
> use software provided by your hw vendor
> get bad quality code
who would expect that…
and that is why we should push for FOSS firmware
This only applies to stock factory drivers, not opensource ones.
at least this forces mediatek to push updates to their old network cards, mine hasn't gotten a new one in the last like 2 years lol
Imagine how many new holes they will introduce
The real shock here is SonicWall found this.
no more learning? stooping to this level is pretty low, double L
like petition to turn back to Low Level Learning (please don't ban me i love your videos)
It had a nice ring to it for sure
Low Level: i'm beneath you but nothing is beneath me
Behold the Underminerrrrrrrr
Always whenever he goes on vacation something like that happens.
You should start writing an OS in Rust. That would be sick! This can become THE THEME of this channel, a pinnacle of "Low Level Learning" so to speak.
I think the problem is burritos. Whenever you eat a burrito, Internet will crash, AI will crash, some plane somewhere will crash. Burritos are dangerous.
"On vacation in New Jersey".... I don't understand that sentence... They are English words but don't make sense in that order 😂
gotta love the "but what would Rust do?", this never gets old.
Might use your courses for CPEs, looks dope.
Before assignment check the length, it should be easy. Should...
Even the fire tv stick is affected.
Thank you for sacrificing your vacation days for the sake of stopping any more computer security vulnerabilities appearing.
What’s with the super clickbait titles these days? Love the channel but feels bad, man.
Blame is on you for getting baited, not the author on using it. You got free will, use it
@@avarise5607 trash take. You can like a video and still hate the thumbnail. Boycotting a video that you think you might like just because of the thumbnail is a bit extreme, don't you think?
I was so happy when you stopped saying "Hi my name is Low Level Learning" and transitioned to "Hi my name is Ed," and honestly this is still better than introducing yourself as the channel name
bro became a god he doesn't need to learn anymore lol
Man, you make me want to return to reversing again...
Code from a chipset mfg is just sample or test code, it is never meant to be used in a production environment. Such code often doesn't have bounds checking or full error handling. Many are written in plain K&R style C for simplicity.
i swear to god people in the cybersecurity world make up the most nonsense names for stuff possible lmao
Rust boys will have a field day with this one
What annoys me is that the articles just list the chipsets affected, not actual devices with the chipset in it nor which device firmwares are confirmed to be affected. Ubiquiti, for example, claims they are immune to this issue despite being called out specifically in the articles. That creates confusion and makes it a LOT harder to determine what devices are actually affected. Nor do the articles provide any directions to mitigate either. I don't think I'm affected by this but I have no way to figure it out definitively either way.
It also claims that certain OpenWRT versions are vulnerable even though they don't even ship the vulnerable code.
sure.... no coincidence at all that these seem to overlap with your absences.... not sus at all
Low Level when High Level walks in:
If you stop going on vacation, vulns will be solved!
The three WiFi 6 routers released in 2020/2021 that feature the combination of MediaTek's MT7621A network accelerator and the affected MT7915 Wi-Fi 6 connectivity platform are as follows:
- D-Link AXO AX1800 (DIR-X1860)
- TP-Link Archer AX20 (AX1800 Dual-Band Wi-Fi 6 Router) released exclusively in China
- Buffalo AX1800 (WSR-1800AX4) released exclusively in Japan
Check if you own any of the aforementioned routers and please update its firmware ASAP to the latest version that patches up this vulnerability; if it's not available then replace them with a WiFi 6E Router that features either a Broadcom or Qualcomm WiFi 6E SoC.
Today I learned that my WAP has an Atheros chipset in it.
Mediatek is in a lot of consumer routers.. Linksys/belkin/tp use this router.
Mediatek is an arm processor /soc made by the CCP
Not a very practical vulnerability in terms of mass exploitation in the wild. But perfect for targeted attacks.
However, it doesn't affect that many devices and only the unpatched.
Not that WAP,
I'll allow it... 10/10
“Not that Wap” 😂😂
Daemon in Christianity translates to DEMON maybe they shouldn't let DEMONS work on computers who don't know what they're doing.
I appreciate dropping the learning because I felt bad at myself for not understanding a thing even when it's dummy simple
Awesome Thank you for Sharing 💯✴
Frick, my router uses mtk 7621
Same, but it's not running 21.02 nor has any wifi functionality, so...
if you use openwrt, you're in the clear.
Correlation does not mean causation. Take time off when needed😁
Ah well... gcc v12 even has a static analyzer built into it, and optimization switches that have been in all those compilers for years give you compiler warnings based on bounds checks. Build it into your pipeline before building your release and already a lot of your mistakes are being detected for you.
Goes to show you're never completely safe.
I think my AP uses that SOC, time to build a new OpenWRT image I guess.
(I live in the sticks with one neighbour, so I'm not super worried. They'd have to be on my lawn (not LAN) to exploit...)
FPGA open IP SoC routers/APs when? I guess I'll have to roll up my sleeves and actually learn Verilog someday...
The thumbnail feels like clickbait. Why mention openwrt when it's a mediatek vuln?
The blog post used as a reference seems to have the same misinformation.
this channel is one of my favorite to watch. im 16 and i like computers
computers, Pog
The year is well beyond 2000...
Why are we still pointing to memory in code like this? Why are we still doing mem copy, mem-move and depending on the passed LENGTH of the 'buffers' to be correct?!
That was 'acceptable' in old ghetto crunk c/c++ code when we didn't care if crap crashed.
If you have code that is anything more critical than a retro mario-game clone running on a phone, then KNOCK THAT OFF!
I like the old name better personally
I'm pretty sure most people do, I don't understand the need to change it
Openwrt in thumbnail but more like a mediatek vuln which is scarier
OpenWRT is not even affected.
I really want a Burrito...
Not taking any sick days either, huh? You look and sound sick as hell in this vid. I had to bounce a third of the way through the video (buffer overflow) because my lizard brain started screaming internally that "this person is sick get away GET AWAY"
low iq comment (i have an iq of 150)
Another day another vulnerability
That video title made me a bit nervous 😅
love the rebrand, channel feels more down to earth, more personal
When is the patch coming out for pegasus 😂😂😂
Lol. I thought it was a second channel, also noticed I wasn't subscribed
Hey @LLL, because of your lifetime offer I WILL buy this offer (promise) because I’d love to learn about this and from you. I am a bit worried about the quality and continuance of the future courses. Maybe you can get others like Prime to make a course on embedded programming in zig etc. to keep up the quality and engagement.?
I'm not a fan of the Rust politics, either. It feels like veganism, just as many people complaining about shrieking vegans as there are vegans shrieking at carnivores.
Oh phew, my ancient RT-AC66U's are still safe(NOT).
Good enough
Rust is like those plastic handles some nails have so you can place it perfectly straight and never hit your fingers. Is a nice tool that solves a problem no professional user ever had.
The problem is not the tool. The problem is that people that NEED those tools are working as professional contractors. And these people will harm themselves with the hammer, even with the help.
The problem is that your tool is outdated. Rust is winning. Get over it.
"no, not that WAP" ... Ight, I'm out of here. Peace. ✌️😂
They discovered a CIA backdoor 😔
Rip LLL
You do know that "remote RCE" is redundant, right? :)
Gotta say I'm not a fan of dropping the Learning part of the name. It no longer has a ring to it. And is potentially more confusing to new viewers. Maybe that's just me though
Mr. Ed! Please bring the _channel PFP_ back!
I think this means you should go on more vacations, so that more exploits come up and you'd have more content to cover lol
Low Level Learning fell off. He has truly reached the Lowest Level of his career. Truly a shame for the entire programming community. Maybe the level is only up from here? When is Python Learning going to start?
Are you going to do another "Low Level Rizz" again with that denying woman for each shorts? that was funny.
You should just announce you're going on vacation every week - guaranteed work and video fodder!
I'm not mad about the re-brand but it won't stop me watching and if it helps you that's awesome!
It does make me feel a bit sad about humanity though, especially if the word learning was scaring off viewers.
Good luck with the channel man, your videos are always fascinating and informative.
Well... that's certainly some news... If you'll excuse me.... * Ron swanson throws computer into dumpster dot gif *
Oh no! I lost my chance to learn anything!
Hey, do you have a recommendation on what router hardware and software to use in this unsecure landscape?
Every video: Have you used Rust? 🙄
Rust would not catch this
Incorrect.
He just explained how Rust would catch it, resulting in a panic, turning it from an RCE into a DoS.
Being from NJ I can say "there's your problem" lol
same
yep you're solely responsible for all the CVE discoveries
You piece of code! Ack!
downgrade from LLL to LL
You talk a lot about Rust, however I have been looking into Ada lately. What do you think of that language? 🤔
Ada is a great memory-safe language for mission critical embedded systems like avionics. Rust is a great all-purpose, memory-safe language.
Best sponsor ever :D