- Thibaut Sautereau retweeted
Say hello to OpenSK: a fully open-source security key implementation - https://security.googleblog.com/2020/01/say-hello-to-opensk-fully-open-source.html …
#FIDO
- Thibaut Sautereau retweeted
My patch to disable PCI device DMA in early boot to avoid gaps in IOMMU coverage just got merged to mainline, so here's a writeup of it: https://mjg59.dreamwidth.org/54433.html
- Thibaut Sautereau retweeted
We sent this #zombieload PoC to Intel on May 16, just hours after we got access to the patches. The #zombieload paper from last year already describes the issue. Media already reported about it in November: https://www.zdnet.com/article/intels-cascade-lake-cpus-impacted-by-new-zombieload-v2-attack/ … Where's the news? #MDS #L1DES https://twitter.com/mlqxyz/status/1221855508765794305 …
- Thibaut Sautereau retweeted
New Blog Post: "On Linux's Random Number Generation" by Thomas Pornin (@BearSSLnews): https://research.nccgroup.com/2019/12/19/on-linuxs-random-number-generation/ … pic.twitter.com/aKpZR7C36f
- Thibaut Sautereau retweeted
What's interesting here: full code exec exploit based on bug in context of _kernel_ thread (much less control over things). I don't know how general the technique is, but potentially opens doors for code execution via USB cable etc. (the bug found with syzkaller obviously) https://twitter.com/offensive_con/status/1204013362675359744 …
- "This issue is a nice reminder that mixing trusted and untrusted data is a recipe for implementation vulnerabilities." https://twitter.com/erchiang/status/1204464757287219201 …
- Thibaut Sautereau retweeted
I wrote a patch to disable busmastering on PCI bridges before ExitBootServices() is called, because PCI is a technology from a more civilised age. https://lkml.org/lkml/2019/12/2/691 …
- Thibaut Sautereau retweeted
this is literally the plot of The Matrix https://twitter.com/jonnytickle/status/1199038272871239681 …
- Thibaut Sautereau retweeted
Blog post on CVE-2019-2215, the Android binder bug that was exploited in-the-wild and affected most Android devices manufactured prior to Fall 2018. https://googleprojectzero.blogspot.com/2019/11/bad-binder-android-in-wild-exploit.html …
- Thibaut Sautereau retweeted
The brilliant sentence from that excellent write-up: "It’s not that I think Intel are malicious, but that doesn’t mean I trust them implicitly either" https://twitter.com/KaKaRoToKS/status/1194812245282377728 …
- Thibaut Sautereau retweeted
You may already be running Linux v5.3! I'm excited about heap auto-initialization, pidfd_open(), global -Wimplicit-fallthrough, x86 CR4 & CR0 pinning, more kfree() sanity checks, arm64 default KASLR, and hardware security embargo documentation: https://outflux.net/blog/archives/2019/11/14/security-things-in-linux-v5-3/ …
- Thibaut Sautereau retweeted
This is what responsible disclosure looks like when you take its makeup off https://twitter.com/KimZetter/status/1194374230109868032 …
- Thibaut Sautereau retweeted
timing attack against a TPM, and since that's not hard enough already, they do it over a network connection, too? https://twitter.com/mjos_crypto/status/1194347394646851585 …
- Thibaut Sautereau retweeted
I am starting a new thing named Research Notes, which is the open source fraction of my research notebook on systems internals, vulnerability discovery and exploit development: http://re.alisa.sh And the first Research Note: “iBoot address space” http://re.alisa.sh/notes/iBoot-address-space.html …
- Thibaut Sautereau retweeted
I've published a write-up on the Android Binder use-after-free kernel bug that p0 discovered recently affected the Pixel 2 and Galaxy S7/S8/S9. It goes into technical details of how an arbitrary read/write is established :) https://dayzerosec.com/posts/analyzing-androids-cve-2019-2215-dev-binder-uaf/ …
- Thibaut Sautereau retweeted
What I found interesting 1/3: Deep Analysis of Exploitable Linux Kernel Vulnerabilities 2017-2019 https://www.youtube.com/watch?v=MYEAGmP_id4 … With some overview and deep dive into several real exploits. Including #bpf, SMAP, exploiting races. 1/3 https://twitter.com/LinuxSecSummit/status/1192601742854119424 …
- Thibaut Sautereau retweeted
Tl;dr: we need exploit write-ups that analyze the whole chain so platform security engineers can secure the whole platform and kill the fragile bits of the exploit chains, not just whack-a-mole fixing each individual heap overflow and hoping that this one will be the last.
- Thibaut Sautereau retweeted
This — from the absolutely amazing @quinnnorton in 2014 — so goddamn prescient; it's also basically every thought I've had this year since the checkm8 iPhone vuln and the WhatsApp vuln: "Everything Is Broken" - The Message - Medium https://medium.com/message/everything-is-broken-81e5f33a24e1 …
- Thibaut Sautereau retweeted
Except that it doesn't in any kind of RAP sense. Keywords here are "doesn't require error handling" (you can corrupt local vars without detection now) and the "shadow stack" is not like one in a CET sense, it's just another allocation that can be found easily and attacked https://twitter.com/samitolvanen/status/1189629272219979776 …