Jack L.

@randohacker

computer hacking @ NCC Group. earnest. applied cryptography, Linux kernel, memory (un)safety.

Bay Area, CA, USA
Joined: June 2019

Media

  1. Feb 2
    Replying to users and others:

    If you’re interested in this scenario, see also:

  2. Jan 30
    Replying to users

    awesome, i loved his talk last year!

  3. Jan 30
  4. Jan 29
  5. Jan 22

    Mostly unrelated, but it doesn’t look like macOS has “atomic” CLOEXEC APIs. You can set it with fcntl(...) after opening (as you can in Linux), but see open(2)’s man pages for why that’s risky:

  6. Jan 18
    Replying to a user

    Did ya catch the associated talk?

  7. Jan 14
    Replying to users

    I really enjoyed this lecture of his in particular

  8. Jan 10
    Replying to a user

    see also “safari 911” 🤩

  9. Jan 9

    Use cases, usage, and impl details on pidfds, recently added to Linux. They’re stable ref to process, as opposed to ref by integer pid that can be recycled and changed out from under you, e.g. precondition in this slick bug

  10. Jan 8
  11. Jan 3
    Replying to users
  12. Jan 3
    Replying to users

    this is also interesting. You can gossip out public keys for peers whose keys you know (but recipients don’t), like in a group thread, and it looks like keys received this way can be used to encrypt in other contexts (tho they’re less trusted in the fallback logic).

  13. Jan 3
    Replying to a user

    spec says “active adversaries” are out-of-scope (i.e. those that can tamper with mail headers). for ex, peer’s public key extracted from a header in their mail(s). the “youngest” public key is used (i.e. no TOFU/cross-signing is prescribed).

  14. Dec 27, 2019
  15. Dec 27, 2019
    Replying to users

    nothing more than an offhand comment, but the ECDSA sig verif routine in the ATECC508A lacked output authenticity (can bus middle bool). ATECC608A optionally MACs output.

  16. Dec 10, 2019

    Great talk on QNX: internals and exploit mitigations

  17. Nov 27, 2019
    Replying to a user
  18. Nov 26, 2019

    Enjoyed this demo-heavy talk from this year’s Linux Security Summit EU. It gives insight into past, present, future of Linux containers and how the primitives they’re constructed with work.

  19. Nov 8, 2019

    This following talk from this year’s Linux Security Summit EU is a good pairing:

  20. Oct 25, 2019
    Replying to users

    (the talk was recently posted if talks are more peoples’ jam)
