  • Locked thread
Jabor
Jul 16, 2010

#1 Loser at SpaceChem

Notorious b.s.d. posted:

ok so how do i get those crypto keys?

with meltdown, the answer is obvious -- just dump enough memory at 500 kb/s and you will find some good stuff at random.

with the branch predictor exploit, i just don't get it

just how much entropy do you think there is in the kernel's aslr?

Jabor
Jul 16, 2010

#1 Loser at SpaceChem
post the actual details of your proposed scheme for preventing javascript from being able to figure out this sort of thing, so everyone else can laugh at how dumb you are

Jabor
Jul 16, 2010

#1 Loser at SpaceChem

Subjunctive posted:

sure, but it'd be the same bug if it were running on whatever.com, which also happens. a browser won't just bridge arbitrary origins, an explicit software-level (vs configuration) secfuck is required

Of course, stuff like "not validating that the hostname in the request is 'localhost'" counts as a secfuck in this context - the browser will happily send requests to 127.0.0.1 if some other (potentially attacker-controlled) DNS name is resolving to that.
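
The hostname check mentioned in the post above, as an added example that is not part of the thread: a loopback-bound Python server that answers only when the Host header is an expected local name, so a request arriving under some other DNS name that resolves to 127.0.0.1 gets a 403. The allowlist, port 8080 and the names `host_is_local` and `LocalOnlyHandler` are assumptions made for illustration.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer

# Names this loopback service answers to (assumed; adjust for the real service).
ALLOWED_NAMES = {"localhost", "127.0.0.1", "[::1]"}


def host_is_local(host_header, port):
    """True only if the Host header names this loopback service on its own port."""
    if not host_header:
        return False
    host = host_header.strip().lower()
    if host.startswith("["):          # bracketed IPv6 literal, e.g. [::1]:8080
        end = host.find("]")
        if end == -1:
            return False
        name, suffix = host[:end + 1], host[end + 1:]
    else:
        name, sep, rest = host.partition(":")
        suffix = sep + rest
    # A browser omits the port only when it is the scheme default (80 for http).
    allowed_suffixes = {f":{port}"} | ({""} if port == 80 else set())
    return suffix in allowed_suffixes and name in ALLOWED_NAMES


class LocalOnlyHandler(BaseHTTPRequestHandler):
    """Hypothetical handler: refuses any request whose Host is not local."""

    def do_GET(self):
        port = self.server.server_address[1]
        if not host_is_local(self.headers.get("Host"), port):
            # A rebinding name (e.g. rebind.example.test -> 127.0.0.1) lands here.
            self.send_error(403, "Host header not allowed")
            return
        body = b"ok\n"
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), LocalOnlyHandler).serve_forever()
```
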

Jabor
Jul 16, 2010

#1 Loser at SpaceChem
From what I hear of American door locks, you can bust 'em open in a few seconds with a rake.
