HackerTrans
TopNewTrendsCommentsPastAskShowJobs

hovav

no profile record

comments

hovav
·9 bulan yang lalu·discuss
> has already been patched against

... has not been (effectively) patched against, as it happens. Maybe in December!
hovav
·tahun lalu·discuss
Standard operating procedure for both the Chrome [https://chromium.googlesource.com/chromium/src/+/HEAD/docs/s...] and Firefox [https://www.mozilla.org/en-US/about/governance/policies/secu...] bug tracking systems.

But the fix itself is public in both the Chrome [https://chromium.googlesource.com/chromium/src.git/+/36dbbf3...] and Firefox [https://github.com/mozilla/gecko-dev/commit/ac605820636c3b96...] source repos, and it makes pretty clear what the bug is.
hovav
·tahun lalu·discuss
> Xiaogang (Cliff) Wang is listed as the principal investigator.

No, you are misreading the award abstract. Cliff Wang is the program manager at NSF who is the point of contact for the investigators.
hovav
·tahun lalu·discuss
It's not guaranteed. See section 7 of https://www.usenix.org/system/files/conference/usenixsecurit...
hovav
·tahun lalu·discuss
> power need[s] to be exploited locally

Not in the presence of DVFS, it turns out: https://www.hertzbleed.com/hertzbleed.pdf
hovav
·2 tahun yang lalu·discuss
Abersoft Forth for the ZX Spectrum inspired one of the classic books about Forth, Don Thomasson's /Advanced Spectrum FORTH/ (1984): https://archive.org/details/AdvancedSpectrumFORTH
hovav
·2 tahun yang lalu·discuss
Levine's /Linkers and Loaders/ is a great book, but it's still in print, and this is an unauthorized copy.

The author's home page (https://www.iecc.com/linker/) used to host a PostScript version for download, but it no longer does, now saying: "Chapters were available in an excessive variety of formats, but are not any longer due to chronic piracy."

These days there is lots of information about linkers and loaders to be had without violating Levine's copyright; see https://www.toolchains.net/ for many links.
hovav
·3 tahun yang lalu·discuss
Yes! See, e.g., Fraser Brown et al., "Towards a Verified Range Analysis for JavaScript JITs," in proc. PLDI 2020, https://www.cs.utexas.edu/~hovav/dist/vera.pdf
hovav
·3 tahun yang lalu·discuss
A JIT is a machine for turning logic bugs into memory unsafety. Rewriting a JIT in Rust won't eliminate logic bugs and won't guarantee memory safety for the binary output of the JIT (as distinct from the JIT implementation itself).
hovav
·3 tahun yang lalu·discuss
Even with a verifiably random key, Dual EC is still unacceptable.

First, because its output has unacceptable biases [1,2].

Second, because its presence allows an attacker to create a difficult-to-detect backdoor simply by replacing the key, as apparently happened with Juniper NetScreen devices [3,4].

--- [1] Kristian Gjøsteen, Comments on Dual-EC-DRBG/NIST SP 800-90, draft December 2005. Online: https://web.archive.org/web/20110525081912/https://www.math....

[2] Berry Schoenmakers and Andrey Sidorenko, Cryptanalysis of the Dual Elliptic Curve Pseudorandom Generator, May 2006. Online: https://eprint.iacr.org/2006/190.pdf

[3] Stephen Checkoway, Jacob Maskiewicz, Christina Garman, Joshua Fried, Shaanan Cohney, Matthew Green, Nadia Heninger, Ralf-Philipp Weinmann, Eric Rescorla, and Hovav Shacham, A Systematic Analysis of the Juniper Dual EC Incident, October 2016. Online: https://www.cs.utexas.edu/~hovav/dist/juniper.pdf

[4] Ben Buchanan, The Hacker and the State, chapter 3, Building a Backdoor. Harvard University Press, February 2020.
hovav
·3 tahun yang lalu·discuss
It would not help at all. See (all of, but especially) section 5.4 of N. Carlini, A. Barresi, M. Payer, D. Wagner, and T.R. Gross, "Control-Flow Bending: On the Effectiveness of Control-Flow Integrity," in proc. USENIX Security 2015, https://www.usenix.org/conference/usenixsecurity15/technical...
hovav
·3 tahun yang lalu·discuss
Indeed, the History of Documented Unix Facilities [https://github.com/dspinellis/unix-history-man] says a vi(1) man page first appeared in 2BSD, and vi is implemented (as part of ex, with a 1979 copyright) in 2BSD src/ex, with the main routines at src/ex/ex_vmain.c: https://github.com/dspinellis/unix-history-repo/blob/BSD-2-S...
hovav
·3 tahun yang lalu·discuss
"Best Practices (BP) papers, up to 10 pages. Suitable papers are those that provide an integration and clarification of ideas on an established, major research area, support or challenge long-held beliefs in such an area with compelling evidence, or present a convincing, comprehensive new taxonomy of some aspect of secure development. Such a paper would be marked with the prefix 'BP:' in the title, and would need to provide new insights, although it could draw upon prior work." [https://secdev.ieee.org/2018/papers/#best-practices]