|
Burn the entire advertising industry to the ground
|
#
?
Jan 1, 2018 00:32
|
|
|
|
| # ? May 14, 2024 04:02 |
|
|
maskenfreiheit posted:cool did this It's also a good idea to set up a master password for your firefox profile if you've not done so already.
|
|
#
?
Jan 1, 2018 00:34
|
|
|
rafikki posted:Burn the entire advertising industry to the ground this but capitalism in general
|
|
#
?
Jan 1, 2018 00:40
|
|
|
rafikki posted:Burn the entire advertising industry to the ground EU is on it
|
|
#
?
Jan 1, 2018 00:41
|
|
|
Wiggly Wayne DDS posted:Squeezing a key through a carry bit by Sean Devlin, Filippo Valsorda (50:02) Wiggly Wayne DDS posted:Microarchitectural Attacks on Trusted Execution Environments by Keegan Ryan (55:02) Wiggly Wayne DDS posted:Public FPGA based DMA Attacking by Ulf Frisk (31:27)
|
|
#
?
Jan 1, 2018 00:50
|
|
|
https://twitter.com/s1guza/status/947603265700601856 don’t know if it holds any merit but looks woops
|
|
#
?
Jan 1, 2018 01:24
|
|
|
Chalks posted:It's also a good idea to set up a master password for your firefox profile if you've not done so already. yes i set up a master password. but firefox asks for that each session then it's fair game? i turned off the autofill to be extra safe
|
|
#
?
Jan 1, 2018 01:26
|
|
|
maskenfreiheit posted:yes i set up a master password. but firefox asks for that each session then it's fair game? Yeah, it's not directly related to the issue but it's a really good idea if you're using firefox to manage passwords and it's not an immediately obvious feature.
|
|
#
?
Jan 1, 2018 01:29
|
|
|
Wiggly Wayne DDS posted:as a generic issue it's more about autofilling usernames/passwords so: http://kb.mozillazine.org/Signon.autofillForms thanks for this
|
|
#
?
Jan 1, 2018 01:31
|
|
|
geonetix posted:https://twitter.com/s1guza/status/947603265700601856 i'm on an mbp so i could try it but lol if you think i'm going to
|
|
#
?
Jan 1, 2018 01:46
|
|
|
geonetix posted:https://twitter.com/s1guza/status/947603265700601856 lol applescript is the gift that keeps giving quote:First, we can try with some AppleScript trickery. loginwindow implements something called “AppleEventReallyLogOut” or “aevtrlgo” for short, which attempts to log the user out without a confirmation dialogue. For reasons of apparent insanity, loginwindow does not seem to verify where this event is coming from, so any unprivileged account such as, say, nobody, can get away with this:
|
|
#
?
Jan 1, 2018 02:02
|
|
|
Wiggly Wayne DDS posted:these are the highlight talks imo, there's still great talks outside of these but if you could only watch x talks i'd choose these i need to try and find the time to watch these because some of them look interesting even for an idiot such as myself so thanks for the summary!
|
|
#
?
Jan 1, 2018 03:29
|
|
|
Wiggly Wayne DDS posted:these are the highlight talks imo, there's still great talks outside of these but if you could only watch x talks i'd choose these Thanks!
|
|
#
?
Jan 1, 2018 05:21
|
|
|
warning: loud music https://www.youtube.com/watch?v=vMP6zu38YE4
|
|
#
?
Jan 1, 2018 13:08
|
|
|
are you READY for some GOD drat FOOTBALL??? http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table quote:Putting it all together, I would not be surprised if we start 2018 with the release of the mother of all hypervisor privilege escalation bugs, or something similarly systematic as to drive so much urgency, and the presence of so many interesting names on the patch set’s CC list.
|
|
#
?
Jan 1, 2018 15:29
|
|
|
Cocoa Crispies posted:are yer gosh darn right https://www.youtube.com/watch?v=ocUUPJOiInI https://www.youtube.com/watch?v=1AuQRjx13Gk
|
|
#
?
Jan 1, 2018 15:56
|
|
|
some good talks not already mentioned The making of a chip by Ari (52 min) https://www.youtube.com/watch?v=JlshnJjsw8E Quick talk on what goes into a chip and how to manufacture one. The Q&A is longer than the talk itself and is really what makes this talk. And just as you think it’s over the presenter pulls out what might be the starter for next year’s talk! Free Electron Lasers by Thorsten (59 min) https://www.youtube.com/watch?v=RKqof77pKBc Great talk, great presentation and a good Q&A covering the advances in microscopic imaging, how particle accelerators work and the scales involved, from someone who builds these things. Also a brief glimpse to the prettiest worst UI imaginable. Dude, you broke the Future! by Charles Stross (57 min) https://www.youtube.com/watch?v=RmIgJ64z6Y4 Fun talk calling bullshit on Roko’s Basilisk, Singularity and more nerd fetishes, with a little bit of how to be a sci-fi writer, but mainly questioning what sort of machine intelligence are we really building. This talk was a positive surprise to me.
|
|
#
?
Jan 1, 2018 16:17
|
|
|
Cocoa Crispies posted:are
|
|
#
?
Jan 1, 2018 17:00
|
|
|
Wiggly Wayne DDS posted:these are the highlight talks imo, there's still great talks outside of these but if you could only watch x talks i'd choose these the SCADA talk was amazing and terrifying, thank you. i work with some of these devices (but all are airgapped/firewalled/in probably the most secure type of building in North America) on the "closer to the machines/process" side as an ME but vaguely had an idea of how lax security on these devices could be. leaves me wondering where to learn more about this, and, uh, how lovely security in consumer IoT/Smart devices must be
|
|
#
?
Jan 1, 2018 17:23
|
|
|
(k)aslr is extremely weak and anyone relying on it to provide any real security is in for a surprise
|
|
#
?
Jan 1, 2018 17:43
|
|
|
https://twitter.com/mubix/status/947866655111204864
|
|
#
?
Jan 1, 2018 17:58
|
|
|
https://twitter.com/PeterNHess/status/947612630499422214
|
|
#
?
Jan 1, 2018 18:03
|
|
|
is this why they call it fuzzing
|
|
#
?
Jan 1, 2018 19:53
|
|
|
https://lkml.org/lkml/2017/12/27/2quote:AMD processors are not subject to the types of attacks that the kernel
|
|
#
?
Jan 2, 2018 01:34
|
|
|
DrPossum posted:this but capitalism in general
|
|
#
?
Jan 2, 2018 01:42
|
|
|
I'm X86_BUG_CPU_INSECURE
|
|
#
?
Jan 2, 2018 01:53
|
|
|
cinci zoo sniper posted:warning: loud music well of course they’re still on xp lol
|
|
#
?
Jan 2, 2018 02:01
|
|
|
https://twitter.com/grsecurity/status/947439275460702208
|
|
#
?
Jan 2, 2018 02:05
|
|
|
why are grsec people so bad lol
|
|
#
?
Jan 2, 2018 02:08
|
|
|
I'm assuming X86_BUG_CPU_INSECURE is a placeholder until the embargo lifts and then they'll rename it. possibly relevant: https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/ if I understand this correctly: if an unprivileged thread loads data from a supervisor page, the CPU will generate a fault however, Intel CPUs will speculatively execute instructions after the faulting instruction before the fault is generated this means you can load a value from an arbitrary kernel address and then load data from a userspace address derived from that kernel value, and then even though that kernel read faulted and the value was never given to userspace you can measure the cache timings for a bunch of userspace addresses to figure out what the kernel value was and because the kernel has all of physical memory mapped, you can read all of the memory in every other hypervisor guest
|
|
#
?
Jan 2, 2018 02:09
|
|
|
Truga posted:why are grsec people so bad lol
|
|
#
?
Jan 2, 2018 02:12
|
|
|
pseudorandom name posted:possibly relevant: https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/ fwiw, this article is "this seemed promising, but didn't end up with any concrete results" it does seem likely that someone found a way to actually leak useful information with this mechanism, but it's not the way described in this article
|
|
#
?
Jan 2, 2018 02:22
|
|
|
this PTI kerfuffle is the best thing in ages
|
|
#
?
Jan 2, 2018 03:21
|
|
|
Pardon The Intrusion
|
|
#
?
Jan 2, 2018 05:37
|
|
|
|
|
#
?
Jan 2, 2018 16:35
|
|
|
lol my brother used to keep cash in this plastic toy safe as a childe he forgot the combination when he found it again so I just smashed it against the floor until it opened
|
|
#
?
Jan 2, 2018 18:08
|
|
|
when i was a kid i just got a wooden box and then with dad's help put two different padlocks on it so that it was extra safe  then i forgot the combo to one of them and we had to angle grinder it off
|
|
#
?
Jan 2, 2018 18:15
|
|
|
when i was a kid my primary security concern was making sure my cats didn’t poo poo in my lego
|
|
#
?
Jan 2, 2018 18:18
|
|
|
Oh joy, another CPU bug that requires hardware changes to fix: https://nixcraft.tumblr.com/post/169209890277/the-mysterious-case-of-the-linux-page-table quote:tl;dr: there is presently an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve. Urgent development of a software mitigation is being done in the open and recently landed in the Linux kernel, and a similar mitigation began appearing in NT kernels in November. In the worst case the software fix causes huge slowdowns in typical workloads. There are hints the attack impacts common virtualization environments including Amazon EC2 and Google Compute Engine, and additional hints the exact attack may involve a new variant of Rowhammer.
|
|
#
?
Jan 2, 2018 19:12
|
|
|
|
| # ? May 14, 2024 04:02 |
|
|
CommieGIR posted:Oh joy, another CPU bug that requires hardware changes to fix: isn't that the one we've been talking about for like the last page or two? i can't tell because everyone seems to be addressing it in the abstract since it's embargoed so there's no real details
|
|
#
?
Jan 2, 2018 19:14
|
|