HackerTrans
TopNewTrendsCommentsPastAskShowJobs

beachhead

no profile record

Submissions

JIRCii – Java IRC Client

jircii.dashnine.org
4 points·by beachhead·hace 9 meses·2 comments

comments

beachhead
·hace 9 meses·discuss
https://imgur.com/EiHZIXJ - wonder if any of these folks are still around?

#flux is still alive and kickin' 24 years later but much smaller than in 2001.
beachhead
·hace 3 años·discuss
oh i must be confused about what a CTF challenge is
beachhead
·hace 3 años·discuss
so they're used in combination with already known exploits but you're saying no one uses them during the development of exploits?
beachhead
·hace 3 años·discuss
what are popular ROP compilers used for then?
beachhead
·hace 3 años·discuss
what's cattle slavery? we talkin dairy cows or what?
beachhead
·hace 3 años·discuss
I'm looking forward to it!
beachhead
·hace 3 años·discuss
I hear you. I guess I'd just like to see more hacking and less of the memes. For me I think again that it would help more than hurt.

I'm an old man now and maybe I've gone a bit soft but I don't see much benefit in mocking and am more interested in helping even if that means wasting a bit of time.
beachhead
·hace 3 años·discuss
Can you share more about what you are working on right now? If not, hopefully we'll see something about it in the near future once you're done.
beachhead
·hace 3 años·discuss
It would be cool for one of these folks (or anyone really) to show us why these things won't work. I see people I respect in that thread but I'm also very tired of hearing about how trivial these things are and not seeing someone spend, according to them, very little time to bypass these things.

Obviously, I'm not smart enough to do it or else I'd be doing it. However, I'm not going around making wild claims either. I think something like that would help rather than hinder OpenBSD.
beachhead
·hace 3 años·discuss
More from Qualys: https://seclists.org/oss-sec/2023/q1/109

More from OpenBSD: https://marc.info/?l=openbsd-tech&m=167715187212393&w=2
beachhead
·hace 3 años·discuss
Ah, I see you just want to get into a fight.

You've got the wrong guy, ace. Have a good day.
beachhead
·hace 3 años·discuss
I'm not sure what to tell you. It didn't make sense. It doesn't make sense. There was nothing technical about what you wrote. Other people don't need to confirm that something doesn't make sense to me. I'm not making a claim, I'm telling you that it didn't make sense. What do you not understand about this?

I'm not trying to insult you or dispute what you wrote. I'm just telling you, again, that it does not make sense.

You keep repeating that all OpenBSD tries to do is audit to find bugs, but that is very obviously not all that they do to prevent exploitation and post-exploitation issues. I'm not sure why you keep doing that. This is one of the parts that doesn't make sense to me.

You say that unveil or pledge aren't enough or aren't as good as SELinux. There is nothing technical about saying that. That's just your opinion that others do not share. I'm not even commenting on whether or not I agree or disagree with you about that. However, you aren't making a point in expressing this opinion. That's something else that doesn't make sense to me.

So, do you want to try to explain what point you're trying to make again? The whole thing. All I'm getting from the things you're saying is that you love SELinux and you have almost no understanding of any other aspect of what OpenBSD does beyond auditing code.
beachhead
·hace 3 años·discuss
Yeah it couldn't possibly be you.
beachhead
·hace 3 años·discuss
Nothing you wrote made any sense at all. So, explain the whole thing again, I guess?
beachhead
·hace 3 años·discuss
I'm sorry, what?
beachhead
·hace 3 años·discuss
It'll never happen. Every single time this comes up it turns into the same thing over and over again. You must remember the person that said they'd "write a blogpost bypassing OpenBSD mitigations next week" and that's been well over a month now and, surprise, there's no blog about this.

Everything OpenBSD does is wrong and trivial to bypass but everyone's too busy to do it. Maybe the dumbest part about this is that nobody on the other side of this is making claims that these mitigations are perfect in any way.

Qualys has bypassed some OpenBSD malloc hardening features recently but then they don't go around making wild or insulting claims about how wrong and trivial they are either. Go figure.