now way haha lowlevel.academy is really cool !?

He dropped "learning" because it's been nearly half a century and people still haven't learned how not to index an array out of bounds

He has stopped learning. There is nothing left to learn. He has reached the lowest level.

rip low level learning. you would've loved low level 😔

low level is no longer learning

Aww, it's like when "it's okay to be smart" rebranded to "Be Smart" . Low level learning was quite good, low level is fine though. Low level learning is stuck on my tongue though it's so fun to say: lowlevellearning lowlevellearning

At this point, all IDEs and compilers should issue a warning for all memcpy, memmov and DMA operations if they do not have a length limit check immediately before it.

"you know it's being more openly monitored", why is there an assumption that most open source code is actually monitored?

Not sure how I feel about the rebrand, but I'm generally terrified of change, so even a KZbinr deciding to remove eight letters from their name can be too much for me sometimes, haha.

next up: Low, just low

Vanilla OpenWRT is not affected by this, as it uses open source mt76 driver with hostapd. wapp is part of Mediatek's proprietary driver

Who goes to new Jersey for vacation?

The reason why lots of those "security features" like ASLR and oft mentioned IOMMU aren't enabled for low level things that interacts with real world is, because they're inconsistent against the real world they interact with. Lots of those makes jittery mess in terms of response times. Webdevs think those are just one click enables because Web is jittery mess anyway but not everything in the world is.

Might be showing my age, but WAP will always mean 'like the internet, on a Nokia 3310, but somehow worse than that implies' to me.

Please stop referring to forks of OpenWrt as OpenWrt, it would be the same as referring to Mint, Zorin, Pop! as Ubuntu. OpenWrt is not vulnerable to this. Additionally OpenWrt 19.x and 21.x are no longer supported, but regardless they are not vulnerable as they are not using Mediatek's proprietary SDK - the only thing with the bug. The mitigations are available as they are used by default in OpenWrt and Mediatek forked from it.

A MediaTek chip has a hole in it. The world yawns.

Ed: *Drop "Learning"* Literally Everyone: My Disappointment is Immeasurable and My Day is Ruined.

Having a good day LLL releases a new vid Misery resumes

I understand why you rebranded to Low Level. However, my 2 cents is that I prefer Low Level Learning😔

in my head this guy will forever be the tech bro version of nick from the yard

Next rebrand: Low

“Low Level Learning” speaks to SEO and reconciling your content vertical with viewer behavioral telemetry. Both might be more important than reconciling your content with how humans parse ease and memorability.

> use software provided by your hw vendor > get bad quality code who would expect that…

This only applies to stock factory drivers, not opensource ones.

atleast this forces mediatek to push updates to their old network cards, mine haven't gotten new one in the last like 2 years lol

The real shock here is SonicWall found this.

no more learning? stooping to this level is pretty low, double L

like petition to turn back to Low Level Learning (please dont ban me i love your videos)

Low Level: i'm beneath you but nothing is beneath me

Always whenever he goes to vacation something like that happens.

You should start writing an OS in Rust. That would be sick! This can become THE THEME of this channel, a pinnacle of "Low Level Learning" so to speak.

I think the problem is burritos. Whenever you eat a burrito, Internet will crash, AI will crash, some plane somewhere will crash. Burritos are dangerous.

"On vacation in New Jersey".... I don't understand that sentence... They are English words but don't make sense in that order 😂

gotta love the "but what would Rust do?", this never gets old.

Might use your courses for CPEs, looks dope.

Before assignment check the length, it should be easy. Should...

Even the fire tv stick is affected.

Thank you for sacrificing you vacation days for the sake of stopping any more computer security vulnerabilities appearing .

What’s with the super clickbait titles these days? Love the channel but feels bad, man.

I was so happy when you stopped saying "Hi my name is Low Level Learning" and transitioned to "Hi my name is Ed," and honestly this is still better than introducing yourself as the channel name

bro became a god he doesnt need to learn anymore lol

Man, you make me want to return to reversing again...

Code from a chipset mfg is just sample or test code, it is never meant to be used in a production environment. Such code often doesn't have bounds checking or full error handling. Many are written in plain K&R style C for simplicity.

i swear to god people in the cybersecurity world make up the most nonsense names for stuff possible lmao

Rust boys will have a field day with this one

What annoys me is that the articles just list the chipsets affected, not actual devices with the chipset in it nor which device firmwares are confirmed to be affected. Ubiquity, for example, claims they are immune to this issue despite being called out specifically in the articles. That creates confusion and makes it a LOT harder to determine what devices are actually affected. Nor do the articles provide any directions to mitigate either. I don't think I'm affected by this but I have no way to figure it out definitively either way.

sure.... no coincidence at all that these seem to overlap with your absences.... not sus at all

Low Level when High Level walks in:

If you stop going on vacation, vulns will be solved!

The following three WiFi 6 Routers released in 2020/2021 features the combination of MediaTek's MT7621A network accelerator and the affected MT7915 Wi-Fi 6 connectivity platform are as follows: - D-Link AXO AX1800 (DIR-X1860) - TP-Link Archer AX20 (AX1800 Dual-Band Wi-Fi 6 Router) released exclusively in China - Buffalo AX1800 (WSR-1800AX4) released exclusively in Japan Check if you own any of the aforementioned routers and please update its firmware ASAP to the latest version that patches up this vulnerability; if its not available then replace them with a WiFi 6E Router that features either a Broadcom or Qualcomm WiFi 6E SoC.

Today I learned that my WAP has an Atheros chipset in it.

Mediatek is in a lot of consumer routers.. Linksys/belkin/tp use this router. Meditek is an arm processor /soc made by the CCP

Not a very practical vulnerability in terms of mass exploitation in the wild. But perfect for targeted attacks. However, it doesn't affect that many devices and only the unpatched.

Not that WAP, I'll allow it... 10/10

“Not that Wap” 😂😂

Daemon in Christianity translates to DEMON maybe they shouldn't let DEMONS work on computers who don't know what they're doing.

I appreciate dropping the learning because I felt bad at myself for not understanding a thing even when it's dummy simple

Awesome Thank you for Sharing 💯✴

Frick, my router use mtk 7621

Correlation does not mean causation. Take time off when needed😁

Ah well... gcc v12 even has a static analyzer built into it and optimization switches, that always have been in all those compilers for years give you compiler warnings based on bounds checks. Build it into your pipeline before building your release and already a lot of your mistakes are being detected for you.

Goes to show you're never completely safe. I think my AP uses that SOC, time to build a new OpenWRT image I guess. (I live in the sticks with one neighbour, so I'm not super worried. They'd have to be on my lawn (not LAN) to exploit...) FPGA open IP SoC routers/APs when? I guess I'll have to roll up my sleves and actually learn Verilog someday...

The thumbnail feels like clickbait. Why mention openwrt when its a mediatek vuln?

this channel is one of my favorite to watch. im 16 and i like computers

The year is well beyond 2000... Why are we still pointing to memory in code like this? Why are we still doing mem copy, mem-move and depending on the passed LENGTH of the 'buffers' to be correct?! That was 'acceptable' in old ghetto crunk c/c++ code when we didn't care if crap crashed. If you have code that is anything more critical than a retro mario-game clone running on a phone, then KNOCK THAT OFF!

I like the old name better personally

Openwrt in thumbnail but more like a mediatek vuln which is scarier

I really want a Burrito...

Not taking any sick days either, huh? You look and sound sick as hell in this vid. I had to bounce a third of the way through the video (buffer overflow) because my lizard brain started screaming internally that "this person is sick get away GET AWAY"

Another day another vulnerability

That video title made me a bit nervous 😅

love the rebrand, channel feels more down to earth, more personal

When is the patch coming out for pegasus 😂😂😂

Lol. I thought it was a second channel, also noticed I wasn't subscribed

Hey @LLL, because of your lifetime offer I WILL buy this offer (promise) because I’d love to learn about this and from you. I am a bit worried about the quality and continuance of the future courses. Maybe you can get others like Prime to make a course on embedded programming in zig etc. to keep up the quality and engagement.?

I'm not a fan of the Rust politics, either. It feels like veganism, just as many people complaining about shrieking vegans as there are vegans shrieking at carnivores.

Oh phew, my ancient RT-AC66U's are still safe(NOT).

Rust is like those plastic handles some nails have so you can place it perfectly straight and never hit your fingers. Is a nice tool that solves a problem no professional user ever had. The problem is not the tool. The problem is that people that NEEDS those tools are working as a profesional contractors. And this people will harm themselves with the hammer, even with the help.

"no, not that WAP" ... Ight, I'm out of here. Peace. ✌️😂

They discovered a CIA backdoor 😔

Rip LLL

You do know that "remote RCE" is redundant, right? :)

Gotta say I'm not a fan of dropping the Learning part of the name. It no longer has a ring to it. And is potentially more confusing to new viewers. Maybe that's just me though

Mr. Ed! Please bring the _channel PFP_ back!

I think this means you should go on more vacations, so that more exploits come up and you'd have more content to cover lol

Low Level Learning fell off. He has truly reached the Lowest Level of his career. Truly a shame for the entire programming community. Maybe the level is only up from here? When is Python Learning going to start?

Are you going to do another "Low Level Rizz" again with that denying woman for each shorts? that was funny.

You should just announce you're going on vacation every week - guaranteed work and video fodder!

I'm not mad about the re-brand but It wont stop me watching and if it helps you that's awesome! It does make me feel a bit sad about humanity though, especially if the word learning was scaring off viewers. Good luck with the channel man, your videos are always fascinating and informative.

Well... that's certainly some news... If you'll excuse me.... * Ron swanson throws computer into dumpster dot gif *

Oh no! I lost my chance to learn anything!

Hey, do you have a recommendation on what router hardware and software to use in this unsecure landscape?

Every video: Have you used Rust? 🙄

Rust would not catch this

Being from NJ I can say "there's your problem" lol

yep you're solely responsible for all the CVE discoveries

You piece of code! Ack!

downgrade from LLL to LL

You talk a lot about Rust, however I have been looking into Ada lately. What do you think of that language? 🤔

Best sponsor ever :D