* Posts by Fullmetal5

6 posts • joined 8 Apr 2016

Chrome 66: Get into the bin, auto-playing vids and Symantec certs!

Fullmetal5

Re: Spectre?

I don't know Spectre stuff very well, but from what I understand this isn't about ASLR like the other commenter was saying, but about making the JavaScript JIT that is included in Google Chrome avoid generating code that could be abused for speculative execution, or generating some speculative execution barrier in the vulnerable parts. This is because JavaScript gets compiled to assembly for performance instead of being interpreted. Chrome's JIT implementation (called V8) had the possibility to JIT code that could be abused to do timing attacks against some address and figure out either whether there was anything mapped there or whether some data they predicted would be there.

As for your comment on process isolation, I believe it's because Spectre was never about getting info from other SEPARATE processes. It was about getting info from mapped pages that weren't readable to the current process, like ring-0 code reading something vs ring-3 code reading something. As long as none of the other pages from that process were mapped into the memory of the second process, then I don't think Spectre affects things like this. The reason Chrome does process isolation is so that if someone gets code execution in a rendering process or such, then it won't be able to read things like cookies or the page contents of sites that weren't from the same origin as that rendering process.

NetBSD, OpenBSD improve kernel security, randomly

Fullmetal5

That's not how KASLR works in any implementation and for good reason.

Before the kernel begins executing, it's totally feasible to relocate it, but after the kernel starts running, the kernel can't be moved without breaking any pointer it has to itself.

Also think of the performance hit. Even if the kernel is only a couple of megabytes big with drivers added, that's still a large amount of data that needs to be moved every so often.

Also how often would you move the kernel around?

Even if you solve all of those problems, that doesn't even help, because all an attacker has to do is use whatever address leak exploit they were using in the first place just later in the exploit chain, so that it will still be correct whenever the exploit actually uses it.

KASLR is just supposed to make it so that the address isn't predictable without leaking its address somehow, not to prevent leaks from permanently disclosing the kernel location.

Dirty COW explained: Get a moooo-ve on and patch Linux root hole

Fullmetal5

Re: The very definition of technical debt

From what I understand, here is what happened.

Linus first noticed a bug that was a side effect of this underlying error and attempted to fix it. He rolled it back due to the S/390 build failing and just said screw it, since the bug he was experiencing wasn't actually doing anything bad at the time. This was all before Copy On Write was implemented in the kernel, so there wasn't any vulnerability yet. Fast forward 10 years and COW is now implemented in the kernel around this buggy code. Someone found the bug and used it in combination with COW to produce this exploit in the wild. Then it was noticed and patched. I don't think Linus would have just let a bug like that sit for 10 years unless it was pretty trivial and at the time couldn't cause anything malicious.

Android's security patch quagmire probed by US watchdogs

Fullmetal5

Re: Nexus NOT immune to this.

I wouldn't say it was abandoned ages ago.

According to the Nexus 7 (2012 edition)'s Wikipedia page, the device is upgradable to 5.1.1 Lollipop and CyanogenMod is still providing updates for it (granted, not for Marshmallow, but since it is still getting the nightly builds it's possible for it to get Marshmallow).

Chrome edges out IE for desktop browser crown

Fullmetal5

Looking at more sources

Whenever I read about browser market shares I wonder how accurate the measurements are. I guess it just depends on the site and thus the people that are visiting it. Even sites like this that collect data from thousands of websites are probably off by quite a bit.

In a lot of the other articles that I've seen it always seems that Chrome is on top, followed by Firefox or IE. Just as an example, if you google "browser market share" and click the first link you get this article's source, which says that IE is neck and neck with Chrome, while if you click the second or third link you will see Chrome dominating with Firefox and IE fighting for second.

Just from exploring the other links I've started to see that trend again of Chrome, then Firefox/IE. Judging from the majority rather than just one, I'd probably say that Chrome really is on top, and from the looks of it by quite a considerable amount, not that that can't change pretty quickly though.

It's not that this article is necessarily wrong, it's just that it's a bit of an oddity compared to the rest, and as such I kinda question whether its source is very accurate.

China's Great Firewall inventor forced to use VPN live on stage to dodge his own creation

Fullmetal5

Link?

Does anybody have a link to his speech?

I'm interested to hear how he portrayed places that don't censor their internet.

Biting the hand that feeds IT © 1998–2019