search for: blackhat

...------------------------------------------------------ This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ Xen-devel mailing list Xen-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xen-devel

Whilst tinkering with lvm (which now works great - thanks!), I made a typo which caused the domain to stop booting. I think it was just that I got the config file wrong in terms of which device mapped to which. Anyway, I had specified ''restart=True'' and so the domain was starting to boot, failing, then restarting again. This was the expected behaviour, but it was a pain to kill.

...------------------------------------------------------ This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ Xen-devel mailing list Xen-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xen-devel

.... Reportedly edge and chromium are getting large memory savings from switching, but I haven't seen performance comparisons. If the performance is good, seems like that might be the simplest choice https://docs.microsoft.com/en-us/windows/win32/sbscs/application-manifests#heaptype https://www.blackhat.com/docs/us-16/materials/us-16-Yason-Windows-10-Segment-Heap-Internals.pdf On Thu, Jul 2, 2020, 12:20 AM Alexandre Ganea via cfe-dev <cfe-dev at lists.llvm.org<mailto:cfe-dev at lists.llvm.org>> wrote: Hello, I was wondering how folks were feeling about replacing the default Windows C...

...along with the account and used when validating the password. That way in the event of a SQL injection attack that dumps the database - yes it is still bad, but 20 accounts that have the same password will have radically different hashes and thus won't be a clue that they are the same, the blackhat that gets the database dump would have to generate a rainbow table for each unique salt. I've looked at at least a dozen different Dovecot / MariaDB howto guides and none of the ones I have looked at supported any kind of individual salting of the user passwords. Can someone point me to a...

Hey there, today I've ridden about HEIST. https://www.google.it/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&ved=0ahUKEwjP1_y84anOAhUIUhQKHaApBRYQFggsMAI&url=https%3A%2F%2Fwww.blackhat.com%2Fdocs%2Fus-16%2Fmaterials%2Fus-16-VanGoethem-HEIST-HTTP-Encrypted-Information-Can-Be-Stolen-Through-TCP-Windows-wp.pdf&usg=AFQjCNGF78yNRziN_1fTOzDTrsjmOC3IpA&bvm=bv.128617741,d.d24&cad=rja What about Centos?

...d used when validating the > password. > > That way in the event of a SQL injection attack that dumps the > database - yes it is still bad, but 20 accounts that have the same > password will have radically different hashes and thus won't be a clue > that they are the same, the blackhat that gets the database dump would > have to generate a rainbow table for each unique salt. > > I've looked at at least a dozen different Dovecot / MariaDB howto > guides and none of the ones I have looked at supported any kind of > individual salting of the user passwords. > &...

> My fear is the exploit-s'kiddie problem. Are there common exploits for man-in-the-middle? I've never seen one. I've seen rootkits, crackers, DoS tools, etc. But never anything as sophisticated as mitm. > I see no reason why anyone would constantly scan huge netblocks of cable > modem users, looking for the occasional target to haX0r. But that doesn't > stop the

Hello, I'm trying to find very indepth documentation of OpenSSH, so far I have found nothing of much use, if anyone could direct me to some advance texts on openssh it would be greatly appreciated.

...ww.linux.com/ Has the CentOS site ever been hacked? Are there any good audit processes to check the servers? CentOS team, please be aware, there are many script-kiddies OR pro's out there who want websites like yours! I love CentOS, and I don't want it to fail like kernel.org: http://blackhats.com/infosuck/0x007c.png Please pay more attention than in normal case! :\ /just an anxious CentOS user/ Thanks and sry for this e-mail.

Hi, I have simple question about Skype. What are the methods of selecting packets which belongs to Skype?? I know about 7layer but I don''t belive that is only way. Is 7layer realy good and stable solution for routers which must handle more than 1000 users ? Thanks in advance Pozdrawiam Szymon Turkiewicz

Hello, I was wondering how folks were feeling about replacing the default Windows CRT allocator in Clang, LLD and other LLVM tools possibly. The CRT heap allocator on Windows doesn't scale well on large core count machines. Any multi-threaded workload in LLVM that allocates often is impacted by this. As a result, link times with ThinLTO are extremely slow on Windows. We're observing

...on't link against those features (except it will for libssl.so.10 if ANY tls option is chosen) but the binary will link against the libraries if it is there. EVEN IF THE DEVEL PACKAGE WITH HEADER FILES IS NOT PRESENT. There is something very broken about how curl builds. If I was a skilled blackhat, I might look for ways that causes it to be exploitable, because the building of curl doesn't do what the user expects. I tried building curl creating a mock build environment where openssl is forbidden. There's a bug in mock. In both base and updates I have exclude=openssl* I had to...

...folks: Tested-by: Pierre Moreau <pierre.morrow at free.fr> [MBP 5,3 2009 nvidia MCP79 + G96 pre-retina 15"] Tested-by: Paul Hordiienko <pvt.gord at gmail.com> [MBP 6,2 2010 intel ILK + nvidia GT216 pre-retina 15"] Tested-by: William Brown <william at blackhats.net.au> [MBP 8,2 2011 intel SNB + amd turks pre-retina 15"] Tested-by: Lukas Wunner <lukas at wunner.de> [MBP 9,1 2012 intel IVB + nvidia GK107 pre-retina 15"] On the latter three models it worked fine. On Pierre Moreau's machine the discrete nvidia G96 l...

...d. We did not tell people which versions were vulnerable, since the 2.9 to 2.9.9 transition was largely a rewrite of the ChallengeResponseAuthentication subsystem. This would have highlighted that as the problem area. e. We believed very strongly that the issue was unknown in the Blackhat community at the time. We also made the decision based on the subtlety of the problem. Finally, we believe that the SSH protocol is a security infrastructure protocol (with DNS and BGP), and that issues of this scope require more gentle care. f. We did not alert vendor contacts with...

...d. We did not tell people which versions were vulnerable, since the 2.9 to 2.9.9 transition was largely a rewrite of the ChallengeResponseAuthentication subsystem. This would have highlighted that as the problem area. e. We believed very strongly that the issue was unknown in the Blackhat community at the time. We also made the decision based on the subtlety of the problem. Finally, we believe that the SSH protocol is a security infrastructure protocol (with DNS and BGP), and that issues of this scope require more gentle care. f. We did not alert vendor contacts with...

Hi, In the past I've setup simple centralized authentication with NIS and NFS, without bothering about possible security implications. Over the next month I have to setup a new network in a local school, and I wonder if I should use NIS/NFS. I still have my own documentation, it's simple and somewhat bone-headed to setup, and it just works. RHEL/CentOS 7 still provide NIS, and I vaguely

...rged yet. Feedback on them is welcome. The patches are based on drm-next. They were tested on the following hardware (thanks a lot everyone!): Tested-by: Paul Hordiienko <pvt.gord at gmail.com> [MBP 6,2 2010 intel ILK + nvidia GT216 pre-retina] Tested-by: William Brown <william at blackhats.net.au> [MBP 8,2 2011 intel SNB + amd turks pre-retina] Tested-by: Lukas Wunner <lukas at wunner.de> [MBP 9,1 2012 intel IVB + nvidia GK107 pre-retina] Tested-by: Bruno Bierbaumer <bruno at bierbaumer.net> [MBP 11,3 2013 intel HSW + nvidia GK107 retina -- work...

Hi hoping someone can help me a little with this one. I have 2 mail servers, the incoming mail server runs dovecot and the outgoing mail server runs postfix with sasl. Lately I noticed a lot of spammers are running dictionary attacks on my incoming server and then using that user/password for sasl on the outgoing server. The weird thing is I never see on the logs the guessed

Enable GPU switching on the pre-retina MacBook Pro (2008 - 2013), v5. The main obstacle on these machines is that the panel mode in VBIOS is bogus. Fortunately gmux can switch DDC independently from the display, thereby allowing the inactive GPU to probe the panel's EDID. In short, vga_switcheroo and apple-gmux are amended with hooks to switch DDC, DRM core is amended with a