Mathias Krause

@_minipli

Vrijeme pridruživanja: travanj 2015.
4 fotografije ili videozapisa Fotografije i videozapisi

Tweetovi

Blokirali ste korisnika/cu @_minipli

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @_minipli

  1. 1. velj

    Very proud and happy to join the team 😊

    Extremely excited to finally welcome to the team!
    3 proslijeđena tweeta 42 korisnika označavaju da im se sviđa
    Poništi
  2. 17. sij

    Point being, the fix for CVE-2018-19854 (the re-introduced bug of CVE-2013-2546 and CVE-2013-2547) took a year to backport, additional 2 months until this got fixed in their 8.1 release. ... Customer support 💰 not worth fixing CVEs in time? 🤔

    1 korisnik označava da mu se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  3. proslijedio/la je Tweet
    29. lis 2019.

    a myth from the same academic jokers^Wresearchers who graced us with their ASLR 'research' in the past: in table 2 shows RAP vulnerable to ret2user (it isn't, after all we invented KERNEXEC/i386 in 2003 and UDEREF in 2006 :) but everybody else not...

    15 proslijeđenih tweetova 25 korisnika označava da im se sviđa
    Poništi
  4. 22. lis 2019.

    CVE is broken but CIDs can’t be the cure:

    The Reports of CVE's Death Have Been Greatly Exaggerated
    Prikaži ovu nit
    Poništi
  5. 4. lis 2019.

    Said, but true. Older kernels, especially enterprise ones, are missing fixes for publicly known vulns. 🤷🏻‍♂️

    With so much code churn, backporting problems, version fragmentation, introduction of new vulns, and public blueprints for exploits: N-day is the new 0-day for the Linux kernel
    Prikaži ovu nit
    1 reply 2 proslijeđena tweeta
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  6. 3. ruj 2019.

    Some people take security more serious than others. Worth a read!

    Teardown of a Failed Linux LTS Spectre Fix (alternatively: Sweeping Study of a Spectacular Stable Spectre Screwup) wherein we demonstrate the value of Respectre and an independent and funded security backport/review process for the Linux kernel
    Prikaži ovu nit
    2 korisnika označavaju da im se sviđa
    Poništi
  7. 6. kol 2019.

    — what a great mess 🙄

    2 proslijeđena tweeta 7 korisnika označava da im se sviđa
    Poništi
  8. proslijedio/la je Tweet
    5. kol 2019.

    Me: Hmmm. Have you ever asked someone who was really busy and focused on something to spend half a day doing something else? X : Yes. Me : That half a day cost a week. That's context switching.

    1 reply 43 proslijeđena tweeta 109 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  9. proslijedio/la je Tweet
    4. kol 2019.

    Sometimes in adult life you have to tell other people something that will make them sad, and I really do not enjoy these situations. My first instinct is always to comfort, and there are situations where that is neither appropriate nor possible.

    6 proslijeđenih tweetova 59 korisnika označava da im se sviđa
    Poništi
  10. proslijedio/la je Tweet
    31. srp 2019.

    Thread on exploit mitigations. Below are rules I wrote for a good mitigation a while ago: “Before you ship a mitigation...

    59 proslijeđenih tweetova 132 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  11. proslijedio/la je Tweet
    21. lip 2019.
    Odgovor korisniku/ci

    Perhaps defenders must invest 100x more than attackers, perhaps the number is 10x, perhaps it is 1000x. Reality is that the number of people reading critical code to clean it up is *less* on defense than on offense.

    1 reply 2 proslijeđena tweeta 9 korisnika označava da im se sviđa
    Poništi
  12. proslijedio/la je Tweet
    1. lip 2019.

    Wait till people find out the big plugin improvement they announced was adding 2 lines of code, KSPP banks on nobody ever looking into the details

    2 proslijeđena tweeta 9 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  13. proslijedio/la je Tweet
    14. svi 2019.

    ZombieLoad: New Intel CPU vulnerability discovered in collab by researchers from TU Graz, Cyberus Technology, and Worcester Polytech Institute:

    26 proslijeđenih tweetova 25 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  14. proslijedio/la je Tweet
    20. ožu 2019.

    “Sometimes, the elegant implementation is just a function. Not a method. Not a class. Not a framework. Just a function.” - John Carmack

    234 proslijeđena tweeta 951 korisnik označava da mu se sviđa
    Poništi
  15. proslijedio/la je Tweet
    8. ožu 2019.

    academic research not at its best. it took too long considering how since the beginning the only realistic threat model was 'arbitrary read-write' (slide 5 in ). i hope that people won't waste another 2 decades on such 'defenses'.

    4 proslijeđena tweeta 15 korisnika označava da im se sviđa
    Poništi
  16. proslijedio/la je Tweet
    9. sij 2019.

    This paper should cite PaX's KERNEXEC plugin which has effectively done the same for the kernel for > 7 years: or if only academic works count, could have cited kGuard: PS: it's general protection fault 🙃🤗

    3 proslijeđena tweeta 25 korisnika označava da im se sviđa
    Poništi
  17. proslijedio/la je Tweet
    1. pro 2018.

    Something people don't realize: there is no one upstream who is "in charge" of making sure vuln fixes (even known vulns with CVEs) are applied to LTS kernels. If a patch conflict isn't trivially resolved, unless someone else does the work, backporting sometimes just never happens

    5 proslijeđenih tweetova 12 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  18. proslijedio/la je Tweet
    9. stu 2018.

    Here's another fun story we can finally talk about: multiple infoleaks in the Linux kernel crypto API that sat in the code for a year and a half. Some fine use of strncpy got replaced with the problematic and infoleak-inducing strlcpy:

    1 reply 13 proslijeđenih tweetova 31 korisnik označava da mu se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  19. proslijedio/la je Tweet
    15. lis 2018.

    Reminded during the 4.19 port the repeating theme of kernel devs still not understanding what they upstream from us: compare to . it cost the totally unnecessary realignment of a hundred lines of code in a core VM structure /o\.

    2 proslijeđena tweeta 10 korisnika označava da im se sviđa
    Poništi
  20. proslijedio/la je Tweet
    6. kol 2018.

    Those who don't read pax-future.txt are doomed to reinvent it.

    19 proslijeđenih tweetova 43 korisnika označavaju da im se sviđa
    Poništi

@_minipli još nije objavio nijedan Tweet.

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·