Tweets
PaX Team Retweeted
Our team is growing! Very happy to welcome
@_minipli as our newest full-time kernel developer, accelerating our development of the next generation of @grsecurity features
today's quiz: what's wrong with the seemingly trivial (and even reviewed) commit 492c88720d36eb662f9f10c1633f7726fbb07fc4? (it was just backported to stable kernels, hence the belated notice)
a myth from the same academic jokers^Wresearchers who graced us with their ASLR 'research' in the past: in https://res.mdpi.com/d_attachment/applsci/applsci-09-04229/article_deploy/applsci-09-04229-v2.pdf … table 2 shows RAP vulnerable to ret2user (it isn't, after all we invented KERNEXEC/i386 in 2003 and UDEREF in 2006 :) but everybody else not...
PaX Team Retweeted
I always like bugs that prove you're the first to ever use something. We seem to be the first ones to try to use the event registration system for GCC plugins since it was introduced almost a decade ago: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92217 …
PaX Team Retweeted
Teardown of a Failed Linux LTS Spectre Fix (alternatively: Sweeping Study of a Spectacular Stable Spectre Screwup) https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php … wherein we demonstrate the value of Respectre and an independent and funded security backport/review process for the Linux kernel
today's quiz: find the infoleak bug introduced by upstream commit 85164fd8b05320 that was caught by a recent rewrite of our structleak GCC plugin.
Bet of the day: Intel vs. DSE (https://www.openwall.com/lists/kernel-hardening/2019/06/27/11 …)
looks like FreeBSD (in)security is in very (in)capable hands: https://www.youtube.com/watch?v=7kShjboN6ek …
there's a 2 year old easter egg in enum scmi_error_codes, can you find it? :)
https://github.com/llvm-mirror/llvm/commit/863ea8c618b1f88ba8c9ec355a07cb3783481642 … academic research not at its best. it took too long considering how since the beginning the only realistic threat model was 'arbitrary read-write' (slide 5 in https://pax.grsecurity.net/docs/PaXTeam-H2HC15-RAP-RIP-ROP.pdf …). i hope that people won't waste another 2 decades on such 'defenses'.
btw, in case someone didn't figure it out yet, the hash is not a riddle but a git commit. happy hunting :). https://twitter.com/paxteam/status/1101976278037659649 …
i'd propose to name the upcoming linux 5.0 kernel as Easter Egg Hunt Come Early and kick it off with 61cb5758d3c46bc1ba87694fefc0d9653613ce6b.
look at what the cat^W^Warxiv has just dragged in: https://arxiv.org/abs/1902.10880 . finally someone dispels a myth, many more to go :).
KSPP fairy tale du jour: https://www.openwall.com/lists/kernel-hardening/2019/02/20/18 … … (hint: if RANDKSTACK was inspired by stackjacking then how could the supposed inspiring presentation have talked about it? perhaps because in reality it had already existed for almost a decade? :))
the paper has been updated, i wish arxiv added some changebars...
interesting paper from SP19: SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security (pdf: https://www.computer.org/csdl/proceedings/sp/2019/6660/00/666000a345.pdf … abstract: https://www.computer.org/csdl/proceedings/sp/2019/6660/00/666000a345-abs.html …)
almost 6 years later STRUCTLEAK comes to Windows: https://twitter.com/JosephBialek/status/1062774315098112001 …
A Systematic Evaluation of Transient Execution Attacks and Defenses: https://arxiv.org/abs/1811.05441
Reminded during the 4.19 port the repeating theme of kernel devs still not understanding what they upstream from us: compare https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/scripts/gcc-plugins/randomize_layout_plugin.c#n363 … to https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/include/linux/mm_types.h?id=c1a2f7f0c06454387c2cd7b93ff1491c715a8c69 … . it cost the totally unnecessary realignment of a hundred lines of code in a core VM structure /o\.
so on the heels of https://twitter.com/halvarflake/status/1047373076877529089 … we've just got another academic paper (https://sajjadium.github.io/files/acsac2018typecfi_paper.pdf …, on no less than RAP itself) that thinks that calling execve = arbitrary code exec. off to a bad start...