search for: brumley

After browsing "Remote timing attacks are practical" (Boneh & Brumley, <http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html>), I wonder if it might be a good idea to add calls to RSA_blinding_on() before the OpenSSL RSA decryption routines are invoked. The issue is not a LAN-only issue, BTW. Packet delay variation is usually higher in LANs than in WANs...

2 more roadblocks for Visual Studio users are the inability to compile gcc and the inability to compile and run the test suite. I would not want to submit a change unless I could still compile/run gcc and pass the test suite. (Testing before submission is the way we do it where I come from - I am assuming it's the same here). On a related note, has anyone gotten the LLVM test suite working

Jonathan Brumley wrote: > > 2 more roadblocks for Visual Studio users are the inability to compile > gcc and the inability to compile and run the test suite. I would not > want to submit a change unless I could still compile/run gcc and pass > the test suite. (Testing before submission is the wa...

...t;zaimoni at zaimoni.com> wrote: > From: Kenneth Boyd <zaimoni at zaimoni.com> > Subject: Re: [LLVMdev] Is there room for another build system? > To: "LLVM Developers Mailing List" <llvmdev at cs.uiuc.edu> > Date: Wednesday, July 30, 2008, 3:15 PM > Jonathan Brumley wrote: > > > > 2 more roadblocks for Visual Studio users are the > inability to compile > > gcc and the inability to compile and run the test > suite. I would not > > want to submit a change unless I could still > compile/run gcc and pass > > the test suit...

...the program. It ensures that you can easily reproduce the bug. Additionally, under ./crash_info/, we include more information about the crash such as a core dump, the dmesg generated by the crash, and its output. Regards, The Mayhem Team (Alexandre Rebert, Thanassis Avgerinos, Sang Kil Cha, David Brumley, Manuel Egele) Cylab, Carnegie Mellon University [1] http://www.forallsecure.com/bug-reports/815b67d8dc6a89dacab19972ba91c26bcb147d05/full_report -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Li...

...the program. It ensures that you can easily reproduce the bug. Additionally, under ./crash_info/, we include more information about the crash such as a core dump, the dmesg generated by the crash, and its output. Regards, The Mayhem Team (Alexandre Rebert, Thanassis Avgerinos, Sang Kil Cha, David Brumley, Manuel Egele) Cylab, Carnegie Mellon University [1] http://www.forallsecure.com/bug-reports/1ec22dedf5f6acaabd1351cb63865626a71c2640/full_report -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Li...

...the program. It ensures that you can easily reproduce the bug. Additionally, under ./crash_info/, we include more information about the crash such as a core dump, the dmesg generated by the crash, and its output. Regards, The Mayhem Team (Alexandre Rebert, Thanassis Avgerinos, Sang Kil Cha, David Brumley, Manuel Egele) Cylab, Carnegie Mellon University [1] http://www.forallsecure.com/bug-reports/fab640ac274d4316c1bac8dce310682c951a79ce/full_report -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Li...

...the program. It ensures that you can easily reproduce the bug. Additionally, under ./crash_info/, we include more information about the crash such as a core dump, the dmesg generated by the crash, and its output. Regards, The Mayhem Team (Alexandre Rebert, Thanassis Avgerinos, Sang Kil Cha, David Brumley, Manuel Egele) Cylab, Carnegie Mellon University [1] http://www.forallsecure.com/bug-reports/3751b453b73bfdf55900ed7b9b4499eb322d80fe/full_report -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Li...

...immediately to your nominated bank account in your country or else where. Please note that there is no risk because I already arranged everything perfectly for the success of this transfer. I want you to apply for release of the fund to you as the nearest person to our deceased customer Dr. George Brumley from Atlanta (the owner of the account) who died a long with his supposed next of kin and family in Kenyan plane crash on July 21 2003. I don't want the fund to transfer into our Bank treasury as an abandoned fund (unclaimed fund), so this is the reason why I contacted you, so that my Bank will...

I'll preface by saying I'm new to LLVM - I noticed there is an efficient BumpPtrAllocator - however, I can't figure out how I can allocate IR objects using that allocator. It looks like all the factory methods use regular new/delete. I'm sure someone BumpPtrAllocator is there for a good reason, and someone here has thought of this use case before. Anyone want to comment? Is

Dear OpenSSH devs, I came accross this paper yesterday. http://eprint.iacr.org/2011/232 It states that they were able to recover ECDSA keys from TLS servers by using timing attacks agains OpenSSL's ECDSA implementation. Is that known to be exploitable by OpenSSH ? (In my understanding, it's easy to get a payload signed by ECDSA during the key exchange so my opinion is that it is).

...the program. It ensures that you can easily reproduce the bug. Additionally, under ./crash_info/, we include more information about the crash such as a core dump, the dmesg generated by the crash, and its output. Regards, The Mayhem Team (Alexandre Rebert, Thanassis Avgerinos, Sang Kil Cha, David Brumley, Manuel Egele) Cylab, Carnegie Mellon University [1] http://www.forallsecure.com/bug-reports/aae8d81da90492625d6c29ee45ae67ecc7a5c40a/full_report -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Li...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:09.htt Security Advisory The FreeBSD Project Topic: information disclosure when using HTT Category: core Module: sys Announced: