HackerTrans
トップ新着トレンドコメント過去質問紹介求人

Ochi

no profile record

コメント

Ochi
·先月·議論
I'm running OpenSnitch on my desktop machine to get notified about any attempted outgoing network connections by processes that I have not explicitly allowed before. I wonder if this would have at least prevented any data exfiltration if I would have installed one of the infected packages?

I'm thinking more and more that things like sandboxing and compartmentalization are becoming increasingly important on everyday desktop machines. The design of every process having at least read access to almost everything on a machine by default is not appropriate anymore.
Ochi
·2 年前·議論
So ideally, we should disable hyper threading to mitigate security issues and now also disable turbo mode to mitigate memory corruption issues. Maybe we should also disable C states to avoid side-channel attacks and disable efficiency cores to avoid scheduler issues... and at some point we are back to a feature set from 20+ years ago. :P