OpenBSD is an operating system that's famous for its focus on security. Unfortunately, OpenBSD leader Theo states that there are only 7000 users of OpenBSD. So it's a very small but elite group, that wields a disproportionate influence; since we hear all the time about the awesome security features these guys get to use, even though we usually can't use them ourselves. Pledge is like the forbidden
Live-patching security vulnerabilities inside the Linux kernel with eBPF Linux Security Module2022-06-29 Linux Security Modules (LSM) is a hook-based framework for implementing security policies and Mandatory Access Control in the Linux kernel. Until recently users looking to implement a security policy had just two options. Configure an existing LSM module such as AppArmor or SELinux, or write a
This article was discussed on Hacker News (later), on reddit (also), featured in BSD Now 294. Also check out this Endlessh analysis. I’m a big fan of tarpits: a network service that intentionally inserts delays in its protocol, slowing down clients by forcing them to wait. This arrests the speed at which a bad actor can attack or probe the host system, and it ties up some of the attacker’s resourc
Building a static analyzer into the C compiler offers several advantages over having a separate tool, because the analyzer can track what the compiler and assembler are doing intimately. As a Red Hat employee, I work on GCC, the GNU Compiler Collection. Our static analyzer is still experimental but is making big strides in interesting areas, including a taint mode and an understanding of assembly-
This article describes how to configure Credential Guard using Microsoft Intune, Group Policy, or the registry. Default enablement Starting in Windows 11, 22H2 and Windows Server 2025, Credential Guard is enabled by default on devices which meet the requirements. System administrators can explicitly enable or disable Credential Guard using one of the methods described in this article. Explicitly c
特定ã®å¤–部ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã¸ã®é€šä¿¡ã®åˆ¶é™ã«ã¯ãƒ•ã‚¡ã‚¤ã‚¢ã‚¦ã‚©ãƒ¼ãƒ«ãªã©ã‚’利用ã™ã‚‹ã“ã¨ãŒå¤šã„ã§ã™ãŒã€ã‚³ãƒ³ãƒ†ãƒŠã‚„実行ã•ã‚ŒãŸã‚³ãƒžãƒ³ãƒ‰åãªã©ã‚’ã‚‚ã¨ã«ã€é€šä¿¡ã‚’制御ã—ãŸã„ã¨ã„ã†éœ€è¦ãŒè‡ªåˆ†ã®ä¸ã§ã‚ã‚Šã¾ã—ãŸã€‚ 具体的ã«ã¯ GitHub Self-hosted runner ã®ã‚ˆã†ãª CI / CD 環境ã§ã€ä¾å˜ãƒ‘ッケージã«æ‚ªæ„ã‚るコードãŒå…¥ã‚Šè¾¼ã‚“ã§ã—ã¾ã†ã‚ˆã†ãªã‚µãƒ—ライãƒã‚§ãƒ¼ãƒ³æ”»æ’ƒãªã©ã‚’検知・防御ã—ã€æ„図ã›ãšã«ã‚¯ãƒ¬ãƒ‡ãƒ³ã‚·ãƒ£ãƒ«ãªã©ã®ç§˜åŒ¿ã™ã¹ãæƒ…å ±ãŒå¤–部ã«æ¼æ´©ã™ã‚‹ã®ã‚’防ãŽãŸã„ã¨æ€ã£ã¦ã„ã¾ã—ãŸã€‚ ã“ã®ã‚ˆã†ãªã‚µãƒ—ライãƒã‚§ãƒ¼ãƒ³æ”»æ’ƒã¸ã®å¯¾ç–ã¯æ§˜ã€…ã§ã™ãŒã€å®Ÿè¡Œæ™‚ã«æ‚ªæ„ã®ã‚る動作を検出ã™ã‚‹ã‚‚ã®ã¨ã—ã¦ã€GitLab ㌠Falco をベースã¨ã—㟠Package Hunter ãªã©ãŒã‚ã‚Šã¾ã™ã€‚ã“ã®ãƒ„ールã¯ä¾å˜ãƒ‘ッケージãªã©ã‚’インストールã™ã‚‹éš›ã«å®Ÿè¡Œã•ã‚Œã‚‹ã‚·ã‚¹ãƒ†ãƒ コールãªã©ã‚’監視ã™ã‚‹ã‚‚ã®ã§ã™ã€‚ 検知ã™ã‚‹ã ã‘ã§ã‚れ㰠Package Hu
The PAM Duress is a module designed to allow users to generate 'duress' passwords that when used in place of their normal password will execute arbitrary scripts. This functionality could be used to allow someone pressed to give a password under coercion to provide a password that grants access but in the background runs scripts to clean up sensitive data, close connections to other networks to li
Assuming you're already familiar with HTTP/1, there are only three new concepts that you need to understand. Pseudo-HeadersIn HTTP/1, the first line of the request contains the request method and path. HTTP/2 replaces the request line with a series of pseudo-headers. The five pseudo-headers are easy to recognize as they're represented using a colon at the start of the name: :method - The request m
Posted Aug 4, 2021 2021-08-04T08:50:00-07:00 by Johnathan Norman IntroductionThe VR team is experimenting with a new feature that challenges some conventional assumptions held by many in the browser community. Our hope is to build something that changes the modern exploit landscape and significantly raises the cost of exploitation for attackers. Mitigations have a long history of being bypassed, s
AlmaLinux 3345 View AlmaLinux vulnerabilities Alpine 3589 View Alpine vulnerabilities Android 2222 View Android vulnerabilities Bitnami 4764 View Bitnami vulnerabilities Chainguard 18096 View Chainguard vulnerabilities crates.io 1563 View crates.io vulnerabilities Debian 42411 View Debian vulnerabilities GIT 23441 View GIT vulnerabilities Go 3763 View Go vulnerabilities Hex 32 View Hex vulnerabili
Introduction 11 May 2021 — This website presents FragAttacks (fragmentation and aggregation attacks) which is a collection of new security vulnerabilities that affect Wi-Fi devices. An adversary that is within range of a victim's Wi-Fi network can abuse these vulnerabilities to steal user information or attack devices. Three of the discovered vulnerabilities are design flaws in the Wi-Fi standard
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
処ç†ã‚’実行ä¸ã§ã™
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
{{#tags}}- {{label}}
{{/tags}}