search for: countermeasurements

Displaying 20 results from an estimated 88 matches for "countermeasurements".

2019 Feb 04
5
security implications of caching with virtio pmem (was Re: [PATCH v3 0/5] kvm "virtio pmem" device)
On Wed, Jan 09, 2019 at 08:17:31PM +0530, Pankaj Gupta wrote: > This patch series has implementation for "virtio pmem". > "virtio pmem" is fake persistent memory(nvdimm) in guest > which allows to bypass the guest page cache. This also > implements a VIRTIO based asynchronous flush mechanism. At Pankaj's request I looked at information leak
2019 Feb 06
0
security implications of caching with virtio pmem (was Re: [PATCH v3 0/5] kvm "virtio pmem" device)
On 04.02.19 23:56, Michael S. Tsirkin wrote: > > On Wed, Jan 09, 2019 at 08:17:31PM +0530, Pankaj Gupta wrote: >> This patch series has implementation for "virtio pmem". >> "virtio pmem" is fake persistent memory(nvdimm) in guest >> which allows to bypass the guest page cache. This also >> implements a VIRTIO based asynchronous flush
2019 Feb 11
1
[Qemu-devel] security implications of caching with virtio pmem (was Re: [PATCH v3 0/5] kvm "virtio pmem" device)
Hi Michael, Thanks for looking into this and summarizing in detail. > > This patch series has implementation for "virtio pmem". > > "virtio pmem" is fake persistent memory(nvdimm) in guest > > which allows to bypass the guest page cache. This also > > implements a VIRTIO based asynchronous flush mechanism. > > > At Pankaj's request
2016 Aug 30
3
Publication of an llvm-based tool that protects against fault injection attacks
Hello, My team and I have recently published an LLVM-based tool at “Cryptography and Security in Computing Systems 2016” (CS2), and we would like to add it on the list of LLVM related publications. The goal of our tool is to automatically protect the code being compiled against fault injection attacks *Title:* Compilation of a Countermeasure Against Instruction-Skip Fault Attacks Available
2013 Jan 22
2
Rails 4: Should a HEAD request not be handled like a GET for CSRF protection?
I am running a Rails 4 app in semi-production and I constantly get exceptions from crawler bots that use a HEAD HTTP method, which causes the CSRF protection to kick in. Shouldn't HEAD requests normally be handled like GET requests? I am not sure if I'm just being stupid or that hit is a bug somewhere. Michiel -- You received this message because you are subscribed to the
2001 Mar 22
9
Portable OpenSSH-2.5.2p2
Portable OpenSSH 2.5.2p2 is now available from the mirror sites listed at http://www.openssh.com/portable.html Security related changes: Improved countermeasure against "Passive Analysis of SSH (Secure Shell) Traffic" http://openwall.com/advisories/OW-003-ssh-traffic-analysis.txt The countermeasures introduced in earlier OpenSSH-2.5.x versions caused interoperability problems with
2024 Jan 23
1
SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) on Red Hat Enterprise Linux release 8.7 (Ootpa)
Hi, I have the SSH Terrapin Prefix Truncation Weakness on Red Hat Enterprise Linux release 8.7 (Ootpa). The details are as follows. # rpm -qa | grep openssh openssh-8.0p1-16.el8.x86_64 openssh-askpass-8.0p1-16.el8.x86_64 openssh-server-8.0p1-16.el8.x86_64 openssh-clients-8.0p1-16.el8.x86_64 # cat /etc/redhat-release Red Hat Enterprise Linux release 8.7 (Ootpa) # SSH Terrapin Prefix Truncation
2024 Jan 23
1
SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) on Red Hat Enterprise Linux release 8.7 (Ootpa)
You might find RedHat's CVE page on this useful: https://access.redhat.com/security/cve/cve-2023-48795 On Tue, Jan 23, 2024 at 10:04 AM Kaushal Shriyan <kaushalshriyan at gmail.com> wrote: > Hi, > > I have the SSH Terrapin Prefix Truncation Weakness on Red Hat Enterprise > Linux release 8.7 (Ootpa). The details are as follows. > > # rpm -qa | grep openssh >
2010 Dec 27
3
openssh and keystroke timing attacks (again)
Hi all, Over the past 10 years, there has been some discussion and several patches concerning keystroke timing being revealed by the timing of openssh packet network transmission. The issue is that keystroke timing is correlated with the plaintext, and openssh users expect their communications to be kept entirely secret. Despite some excellent ideas and patches, such as Jason Coit's
2010 Dec 07
2
[LLVMdev] own source transformation
Hi, I'm a student who is going to make a countermeasure for dangling pointers in C for his thesis. I need to make my source transformation using llvm. Nobody in my university already used LLVM. I already read some documentation about llvm but I'm still lost. Do there exist some "examples/Tutorials" for making small source transformations. Or is there somebody who can help
2024 Jun 24
1
An Analysis of the DHEat DoS Against SSH in Cloud Environments
On 6/19/24 4:11 PM, Joseph S. Testa II wrote: > On Wed, 2024-06-19 at 09:19 -0400, chris wrote: >> real world example (current snapshot of portable on linux v. dheater) > > Thanks for this. However, much more extensive testing would be needed > to show it is a complete solution. In my original research article, I > used CPU idle time as the main metric. Also, I showed that
2003 Aug 28
1
new DoS technique (exploiting TCP retransmission timeouts)
An interesting paper http://www.acm.org/sigcomm/sigcomm2003/papers/p75-kuzmanovic.pdf ---Mike -------------------------------------------------------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet since 1994 www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike
2024 Jun 19
2
An Analysis of the DHEat DoS Against SSH in Cloud Environments
On Wed, 2024-06-19 at 09:19 -0400, chris wrote: > real world example (current snapshot of portable on linux v. dheater) Thanks for this. However, much more extensive testing would be needed to show it is a complete solution. In my original research article, I used CPU idle time as the main metric. Also, I showed that very low-latency network links could bypass the existing countermeasures.
2004 Aug 06
0
Preventin browsers / wget's / ... from capturing stream?
...? > > Well, you could add nasty user-agent sniffing, but it's pretty > > pointless. > > streamripper can identify itself as any user-agent you want ... As said above: We're not talking about "there is always a way around". I'm just talking about what easy countermeasurements could be taken (and what is needed for icecast2 to actually use these countermeasurements) to give starters (not professionals) at least some feeling of "stream can't be downloaded". Customers are (mostly) not technicians. But if you give them a http-URL to listen and they can eas...
2020 Sep 11
4
Winbind offline cache and strangeness...
I've setup a portable system (ubuntu 16.04) joined to my AD domain, that in their primary network works as expected. But in this 'COVID time', the portable start to roam around, and users say me that, suddenly after some days of use, get incredibly sloooowww... after that users reboot, and cannot get back in, login refused. I've setup a VPN, but clearly if users cannot login
2004 Aug 06
2
Preventin browsers / wget's / ... from capturing stream?
On Tuesday 02 March 2004 02:23, Michael Smith wrote: > Shoutcast just does user-agent sniffing. This makes it look like you can't > download the stream easily, but that's just misleading you - it's > completely trivial to do so. Yes , i'd say the same . > > The most clean solution in my eyes would be to implement mms:// or > > rtp:// for mp3/ogg-streams in
2023 Dec 18
1
Announce: OpenSSH 9.6 released
OpenSSH 9.6 has just been released. It will be available from the mirrors listed at https://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested
2012 Oct 02
0
[LLVMdev] [PROPOSAL] Adding support for -fstack-protector-strong
On 10/1/12 9:26 PM, Magee, Josh wrote: > Hello, > > I plan to implement "Stack Smashing Protection - Strong" support in LLVM. > Below is a description of this feature and an overview of the implementation > plan. I have divided up the implementation into stages that can be delivered > incrementally. > > I'm looking for any feedback (suggestions, requests,
2019 Feb 15
2
Can we disable diffie-hellman-group-exchange-sha1 by default?
On Fri, 2019-02-15 at 15:57 +1100, Darren Tucker wrote: > That was the original intent (and it's mentioned in RFC4419) however > each moduli file we ship (70-80 instances of 6 sizes) takes about 1 > cpu-month to generate on a lowish-power x86-64 machine. Most of it > is > parallelizable, but even then it'd likely take a few hours to > generate > one of each size. I