https://struct.github.io https://secure.dev
The Murray Hill campus may have been where the bulk of the innovation happened but the former Holmdel site is the architectural gem of the two. Thankfully it was preserved and is now functional and used as ‘Bell Works’.
Sure. I'm just not sure why their existence depends on cheating the remaining tax payers out of tens of millions of dollars every year.
> These are landowners who farm as a tax dodge This is exactly what it is here in NJ. They’re called ‘fake farmers’ here, and a quick google search will show you they cost the state tens of millions in lost tax revenue…
Most people have no idea this exists or any of the historic events and scientific achievements that happened at these locations or in the near by area such as the Horn Antenna or Radio Astronomy at the old Bell Labs…
I used to work at this location when it was an active military base. The Army Signal corps made movies there long before Netflix. As a local resident its nice to see some reinvestment in the base a full 12~ years since…
Reducing the likelihood of side channels through transparency is a worthy endeavor. But for RISC-V, adoption of Control Flow Integrity (CFI) and memory tagging capabilities will have far greater security impact for the…
I asked this same question not long ago and the CEO of a well known company in this same research area reached out and recommended Veritas Genomics https://veritasgenetics.com/mygenome/ I’ve yet to finish the order…
Thank you Tom. It’s a really exciting area of research.
No it will still catch it if you access the 42nd byte with a read, but not if you write to any other byte first. Thats just a limitation of page faults and the information provided by userfaultfd.
Correct, this technique works on a page by page basis. It's the only way to do it with userfaultfd as the technique relies entirely on the first page fault being a read and not a write. Im working on a feature that…
I've gotten this feedback before. It's probably time to change it from #414141
IsoAlloc author here. Thanks for reading the post and linking to the security properties. I plan to expand on those in an additional post and how I implemented them. You're right that Electric Fence takes a different…
When in doubt just assume Mark Dowd found it first http://taossa.com/index.php/2007/01/03/attacking-delete-and-... (dead link) but see here too http://www.blackhat.com/presentations/bh-usa-07/Dowd_McDonal...
I used to teach a training on the subject (all the course material is now free at https://github.com/struct/mms). I had a section on ‘where to look’ for vulnerabilities. I started this section off with a scenario:…
Sure. First name dot last name at gmail
I built and sold (acquihired) a small successful security consultancy from 2011-2014. My experience is seen through the lens of security consulting. I should really write all this down in a longer form but heres the…
Yahoo Paranoids are hiring for all sorts of security positions in Sunnyvale, San Francisco, and NYC. Lots of very interesting and challenging work (plus great perks). Lots of room for junior people too. My team is…
This was %100 Johns work.
I am the author of this code. If you're interested in getting started with it right away then check out Eucalyptus: https://github.com/yahoo/rtrace/tree/master/Eucalyptus I wrote Eucalyptus as the primary unit test for…
Heres Chris Leary's patch for Firefox. A bit dated at this point though https://bugzilla.mozilla.org/show_bug.cgi?id=677272
Nearly every browser engine has or had patches at one time to accomplish this. Its a call to mprotect/VirtualProtect after writing native code to memory. Theres a performance hit to JIT engines that update emitted code…
> Passwords at Project Euler are strongly encrypted using a one-way hash This does not instill confidence. Hashes are not encryption. Furthermore there is an enormous difference between "we store your password as a…
20+ years of insecure code resulting in remote code execution vulnerabilities, lack of authentication and integrity, authorization bypasses and more. Yet a simple out-of-bounds read becomes the straw that breaks the…
This depends on a couple of different things. The most important of which is "at what stage of development is the application? (i.e. how mature and well tested is this code)". Software Development Life Cycle (SDLC)…
NaCl is not exactly a stepping stone to the renderer. NaCl modules live outside the renderer process in a much tighter sandbox that uses control flow integrity and software fault isolation. Gaining code execution within…
The Murray Hill campus may have been where the bulk of the innovation happened but the former Holmdel site is the architectural gem of the two. Thankfully it was preserved and is now functional and used as ‘Bell Works’.
Sure. I'm just not sure why their existence depends on cheating the remaining tax payers out of tens of millions of dollars every year.
> These are landowners who farm as a tax dodge This is exactly what it is here in NJ. They’re called ‘fake farmers’ here, and a quick google search will show you they cost the state tens of millions in lost tax revenue…
Most people have no idea this exists or any of the historic events and scientific achievements that happened at these locations or in the near by area such as the Horn Antenna or Radio Astronomy at the old Bell Labs…
I used to work at this location when it was an active military base. The Army Signal corps made movies there long before Netflix. As a local resident its nice to see some reinvestment in the base a full 12~ years since…
Reducing the likelihood of side channels through transparency is a worthy endeavor. But for RISC-V, adoption of Control Flow Integrity (CFI) and memory tagging capabilities will have far greater security impact for the…
I asked this same question not long ago and the CEO of a well known company in this same research area reached out and recommended Veritas Genomics https://veritasgenetics.com/mygenome/ I’ve yet to finish the order…
Thank you Tom. It’s a really exciting area of research.
No it will still catch it if you access the 42nd byte with a read, but not if you write to any other byte first. Thats just a limitation of page faults and the information provided by userfaultfd.
Correct, this technique works on a page by page basis. It's the only way to do it with userfaultfd as the technique relies entirely on the first page fault being a read and not a write. Im working on a feature that…
I've gotten this feedback before. It's probably time to change it from #414141
IsoAlloc author here. Thanks for reading the post and linking to the security properties. I plan to expand on those in an additional post and how I implemented them. You're right that Electric Fence takes a different…
When in doubt just assume Mark Dowd found it first http://taossa.com/index.php/2007/01/03/attacking-delete-and-... (dead link) but see here too http://www.blackhat.com/presentations/bh-usa-07/Dowd_McDonal...
I used to teach a training on the subject (all the course material is now free at https://github.com/struct/mms). I had a section on ‘where to look’ for vulnerabilities. I started this section off with a scenario:…
Sure. First name dot last name at gmail
I built and sold (acquihired) a small successful security consultancy from 2011-2014. My experience is seen through the lens of security consulting. I should really write all this down in a longer form but heres the…
Yahoo Paranoids are hiring for all sorts of security positions in Sunnyvale, San Francisco, and NYC. Lots of very interesting and challenging work (plus great perks). Lots of room for junior people too. My team is…
This was %100 Johns work.
I am the author of this code. If you're interested in getting started with it right away then check out Eucalyptus: https://github.com/yahoo/rtrace/tree/master/Eucalyptus I wrote Eucalyptus as the primary unit test for…
Heres Chris Leary's patch for Firefox. A bit dated at this point though https://bugzilla.mozilla.org/show_bug.cgi?id=677272
Nearly every browser engine has or had patches at one time to accomplish this. Its a call to mprotect/VirtualProtect after writing native code to memory. Theres a performance hit to JIT engines that update emitted code…
> Passwords at Project Euler are strongly encrypted using a one-way hash This does not instill confidence. Hashes are not encryption. Furthermore there is an enormous difference between "we store your password as a…
20+ years of insecure code resulting in remote code execution vulnerabilities, lack of authentication and integrity, authorization bypasses and more. Yet a simple out-of-bounds read becomes the straw that breaks the…
This depends on a couple of different things. The most important of which is "at what stage of development is the application? (i.e. how mature and well tested is this code)". Software Development Life Cycle (SDLC)…
NaCl is not exactly a stepping stone to the renderer. NaCl modules live outside the renderer process in a much tighter sandbox that uses control flow integrity and software fault isolation. Gaining code execution within…