By reading from the actual memory address, yes. Defeating kASLR with side channels is meh. Reading from actual addresses is a different matter entirely.
Bigger than KASLR it seems. https://twitter.com/brainsmoke/status/948561799875502080 Not good.
"Do you think maths is discovered or invented? To tell you the truth, I don't think I know a mathematician who doesn't think that it's discovered." Anyone else struck by this? It has really never occurred to before that…
Seeing this at 11 is honestly what made me interested in computers and pushed me towards my current career, so seeing that it is 20 years old is sort of a shock. I can also certainly can relate to the portion of the…
I tend to agree with most points. I always credit my undergraduate CS education with teaching me about how to think about a variety of computational problems using a variety of languages as lenses. I actually think that…
For now. Reading into it, it seems like they found one of the useful UAFs that facilitates a memory write instead of your less useful CALL virt_func. Flash is just a means to create an infoleak by over-wrting the vector…
This is actually one of the reasons I do what is now called "Intermittent Fasting". I found in my teens that I was much, much more focused and alert on an empty stomach. I've always assumed it had to do my insulin…
Agreed, don't run AV at all. It is always fun to take something from metasploit, see that is detected by most AVs - change one or two strings that are obvious choices for signatures and watch detection rates drop to…
I would be interested to see what the blood levels of EPA/DHA were in the patients studied, the article isn't really helpful in that respect and it may be important.
Burnout in tech circles is like Depression in the population in general. 90% of people who say they have it really don't and the people who say it doesn't exist have no idea what in the world they are talking about. But…
2 is particularly relevant and more than solid grasp of CS is required depending on what you choose to do within the field. Malware Analysis for example can require understanding data structures, calling conventions,…
Frankly, this is a bigger problem that isn't nationally recognized. The mayor is under federal investigation for his campaign and I've lost count of how many officials have been arrested or investigated at the federal…
I couldn't agree with you more. I actually said this at my last job interview when asked why I was leaving. I've learned more in the last 6 months being surrounded by much smarter people than the 6 years of being "the…
"Snowden's hacking prowess" So we're back to this. First the "Snowden had a Hacker Certification" nonsense (ignoring that CEHs are required by DoD for OPS jobs and aren't exactly high-quality to begin with) and now…
Not a Snowden fan in the least but ignoring the fact that CEH certification is "highly valued" for quite a few DoD jobs (http://www.eccouncil.org/Support/dod-8570), this reeks of attempting to write off terrible access…
Exploits or vulnerabilities? If they are handing out fully built exploits, I have a problem with it. If they are just vulns then yeah, it is probably MAPP which isn't news really.
I've been reading far too much about the downsides lately when trying to decide if I want to do it, so this was a fun diversion. I'm 28, fresh out of a CS MS program, work full time at a job doing computer security…
This hits home as I just finished a very well known part-time course-work only (with a pseudo-thesis option) program. I actually have a little different opinion - what's killing the value of an MS in CS is the fact that…
I wish more universities taught courses along the lines of real 'hacking', or at least close to it. I just finished a course about Malware and Vulnerability Analysis/Reverse Engineering as part of my MS and it was…
I'm not opposed to this at all but I question how exactly enforcement would/can work. We don't know with 100% accuracy who was responsible for Stuxnet, Flame, Operation Aurora, etc and especially with code, it is going…
That was actually my first thought as well. To be fair, it was C with Simple Object Orientation so not quite as terrible as misidentifying C++ straight up though it was still a bit of a fiasco. From their perspective,…
Almost always when I visit. There are very interesting things that just never make it to the top-stories for one reason or another so I don't want to miss them.
I have been keeping a list of books I used to augment my CS Masters Degree courses on various topics, here are the relevant ones I have found useful for the topics you have listed: --Computer Organization--: Computer…
We used Concepts of Programming Languages (http://www.pearsonhighered.com/educator/product/Concepts-of-...) in my undergraduate Comparative Languages course which was very good and seems to cover much of the same…
I think people underestimate how their relatively late release hurt them for the low-tech consumer. A number of people probably went with Iphone or Android before the first WP devices came to market and now are too…
By reading from the actual memory address, yes. Defeating kASLR with side channels is meh. Reading from actual addresses is a different matter entirely.
Bigger than KASLR it seems. https://twitter.com/brainsmoke/status/948561799875502080 Not good.
"Do you think maths is discovered or invented? To tell you the truth, I don't think I know a mathematician who doesn't think that it's discovered." Anyone else struck by this? It has really never occurred to before that…
Seeing this at 11 is honestly what made me interested in computers and pushed me towards my current career, so seeing that it is 20 years old is sort of a shock. I can also certainly can relate to the portion of the…
I tend to agree with most points. I always credit my undergraduate CS education with teaching me about how to think about a variety of computational problems using a variety of languages as lenses. I actually think that…
For now. Reading into it, it seems like they found one of the useful UAFs that facilitates a memory write instead of your less useful CALL virt_func. Flash is just a means to create an infoleak by over-wrting the vector…
This is actually one of the reasons I do what is now called "Intermittent Fasting". I found in my teens that I was much, much more focused and alert on an empty stomach. I've always assumed it had to do my insulin…
Agreed, don't run AV at all. It is always fun to take something from metasploit, see that is detected by most AVs - change one or two strings that are obvious choices for signatures and watch detection rates drop to…
I would be interested to see what the blood levels of EPA/DHA were in the patients studied, the article isn't really helpful in that respect and it may be important.
Burnout in tech circles is like Depression in the population in general. 90% of people who say they have it really don't and the people who say it doesn't exist have no idea what in the world they are talking about. But…
2 is particularly relevant and more than solid grasp of CS is required depending on what you choose to do within the field. Malware Analysis for example can require understanding data structures, calling conventions,…
Frankly, this is a bigger problem that isn't nationally recognized. The mayor is under federal investigation for his campaign and I've lost count of how many officials have been arrested or investigated at the federal…
I couldn't agree with you more. I actually said this at my last job interview when asked why I was leaving. I've learned more in the last 6 months being surrounded by much smarter people than the 6 years of being "the…
"Snowden's hacking prowess" So we're back to this. First the "Snowden had a Hacker Certification" nonsense (ignoring that CEHs are required by DoD for OPS jobs and aren't exactly high-quality to begin with) and now…
Not a Snowden fan in the least but ignoring the fact that CEH certification is "highly valued" for quite a few DoD jobs (http://www.eccouncil.org/Support/dod-8570), this reeks of attempting to write off terrible access…
Exploits or vulnerabilities? If they are handing out fully built exploits, I have a problem with it. If they are just vulns then yeah, it is probably MAPP which isn't news really.
I've been reading far too much about the downsides lately when trying to decide if I want to do it, so this was a fun diversion. I'm 28, fresh out of a CS MS program, work full time at a job doing computer security…
This hits home as I just finished a very well known part-time course-work only (with a pseudo-thesis option) program. I actually have a little different opinion - what's killing the value of an MS in CS is the fact that…
I wish more universities taught courses along the lines of real 'hacking', or at least close to it. I just finished a course about Malware and Vulnerability Analysis/Reverse Engineering as part of my MS and it was…
I'm not opposed to this at all but I question how exactly enforcement would/can work. We don't know with 100% accuracy who was responsible for Stuxnet, Flame, Operation Aurora, etc and especially with code, it is going…
That was actually my first thought as well. To be fair, it was C with Simple Object Orientation so not quite as terrible as misidentifying C++ straight up though it was still a bit of a fiasco. From their perspective,…
Almost always when I visit. There are very interesting things that just never make it to the top-stories for one reason or another so I don't want to miss them.
I have been keeping a list of books I used to augment my CS Masters Degree courses on various topics, here are the relevant ones I have found useful for the topics you have listed: --Computer Organization--: Computer…
We used Concepts of Programming Languages (http://www.pearsonhighered.com/educator/product/Concepts-of-...) in my undergraduate Comparative Languages course which was very good and seems to cover much of the same…
I think people underestimate how their relatively late release hurt them for the low-tech consumer. A number of people probably went with Iphone or Android before the first WP devices came to market and now are too…