HackerTrans
TopNewTrendsCommentsPastAskShowJobs

IAmLiterallyAB

no profile record

Submissions

The PGP Problem

latacora.com
3 points·by IAmLiterallyAB·قبل 7 أشهر·0 comments

comments

IAmLiterallyAB
·قبل 20 يومًا·discuss
Oops, you're right. I was thinking of those as nearly interchangeable but they're actually pretty different.

I might give it a try when I have a chance, I'll let you know if anything comes of it.
IAmLiterallyAB
·قبل 20 يومًا·discuss
I wonder if an adversarial user could bypass the checks and achieve memory corruption / code execution. Maybe not a practical attack in most situations but a fun exercise.

> This includes things like asm volatile("" : : : "memory"), which is an old-school way of saying atomic_signal_fence(memory_order_seq_cst).

Not quite. AIUI, the first is just a barrier for the compiler, while the second is also a CPU memory barrier. Godbolt seems to confirm that.

https://godbolt.org/z/a844zKej8
IAmLiterallyAB
·قبل شهرين·discuss
Yes but at best their "solution" is equally secure, not any better.
IAmLiterallyAB
·قبل شهرين·discuss
That's a privacy violation, not relevant.
IAmLiterallyAB
·قبل 4 أشهر·discuss
For the old version support. Why not do some compile time #ifdef SUPPORT_ES3? That way library writers can support it and if the user doesn't need it they can disable it at compile time and all the legacy code will be removed
IAmLiterallyAB
·قبل 4 أشهر·discuss
It doesn't bypass it exactly, it's still accessing it via virtual memory and the page tables. It's just that the kernel maintains one big linear memory map of RAM that's writable.
IAmLiterallyAB
·قبل 4 أشهر·discuss
Citation needed. We don't even know if indistinguishability obfuscation is possible.
IAmLiterallyAB
·قبل 5 أشهر·discuss
And everyone uses Ghidra exclusively where I work. I'd say we're a serious operation
IAmLiterallyAB
·قبل 5 أشهر·discuss
Amusing because gmail doesn't even follow spec. I had to workaround gmail quirks when I worked at an email company.

Better than outlook though. What a nightmare.
IAmLiterallyAB
·قبل 5 أشهر·discuss
Half the time when people say they're using telnet (including in this thread) they're really just using the client as a TCP client, not doing anything with the Telnet protocol.

No one is stopping you from using the telnet client. And really you should just use netcat
IAmLiterallyAB
·قبل 5 أشهر·discuss
That doesn't work on any* NAND flash device, be it a flash drive, NVME, SATA, whatever.

The block device you see is an abstraction provided by the SSD controller. In reality, the flash capacity is larger. Pages are swapped out for wear leveling. If a block goes bad, it'll be taken out of commission, and your data may hide in there.

All of this happens on the SSD controller. The kernel doesn't know. You have no way to directly erase or modify specific blocks.

*Okay, there are raw NAND flash chips without controllers, but that is not you're working with when you have a SSD or flash drive. If you do have a raw flash chip, you can more directly control flash contents.
IAmLiterallyAB
·قبل 5 أشهر·discuss
To maximize device performance when wiping a drive to use for something else, I use nvme format with --ses=1.

Which in theory should free all of the blocks on the flash.

Really hard to find good documentation on this stuff. Doesn't help that 95% of internet articles just say "overwrite with zeroes" which is useless advice
IAmLiterallyAB
·قبل 5 أشهر·discuss
As far as I know, there is NO way to securely erase a USB flash drive (barring some undocumented vendor specific commands that may exist).
IAmLiterallyAB
·قبل 6 أشهر·discuss
They explicitly check if the referrer is hackernews and do that.
IAmLiterallyAB
·قبل 7 أشهر·discuss
Another related writeup https://www.latacora.com/blog/2019/07/16/the-pgp-problem/
IAmLiterallyAB
·قبل 7 أشهر·discuss
Another hackernews hater checking the http referrer I'd guess
IAmLiterallyAB
·قبل 7 أشهر·discuss
Opus?
IAmLiterallyAB
·قبل 7 أشهر·discuss
Switch to an ILP32 ABI and you get a lot of that space back
IAmLiterallyAB
·قبل 10 أشهر·discuss
I don't know if it was filename exactly, but a similar story:

> Jon Ross, who wrote the original version of SimCity for Windows 3.x, told me that he accidentally left a bug in SimCity where he read memory that he had just freed. Yep. It worked fine on Windows 3.x, because the memory never went anywhere. Here’s the amazing part: On beta versions of Windows 95, SimCity wasn’t working in testing. Microsoft tracked down the bug and added specific code to Windows 95 that looks for SimCity. If it finds SimCity running, it runs the memory allocator in a special mode that doesn’t free memory right away. That’s the kind of obsession with backward compatibility that made people willing to upgrade to Windows 95.

https://www.joelonsoftware.com/2000/05/24/strategy-letter-ii...
IAmLiterallyAB
·قبل 10 أشهر·discuss
What's preventing a compromised kernel on one core from hijacking the other cores? This doesn't seem like much of a security boundary