Although, according to RFC7590 "Use of Transport Layer Security (TLS) in the Extensible Messaging and Presence Protocol (XMPP)", TLS was recommended for XMPP connection. But it is not mandatory. Despite the consensus to switch XMPP on mandatory encryption reached by XMPP communities on 2014, there are still some XMPP service providers support non-encrypted connection as a fallback along with TLS.…
PaX/Grsecurity no longer provides the public access to test patch in Apr 26 2017. In the FAQ of the announcement, PaX team and Spender listed a couple of reasons why they do this. As some people already know, it's not the whole story.…
Shawn:这篇spender于2011年写的文章在一定程度上帮助我们更好的了解历史,不懂历史是很难洞悉未来的,不是吗?…
GBE( no big deal?), CPU microcode( Do we really believe the vendor don't leave a backdoor there? Ok, it's unlikely to happen because the "magic" constant shit is not hard to find but...possibility is still there?), VGA BIOS( the 1st rule of OptionROM is do not talk about-_-), MRC( lacking of effort to do the reversing?), [Intel ME](https://github.com/hardenedlinux/firmware-anatomy/blob/master/hack_ME/me_info.md)( red alert....).…
众所周知,混沌计算机俱乐部(AKA“CCC”)是德国最大的黑客社区,成立至今三十多年(每年都会举办黑客大会,今年是第三十三年即33C3。…
We should treat security as a whole, just like the combination of PaX/Grsecurity features/code hardening build up a defense-in-depth solution for Linux kernel, which is a core infrastructre we are highly rely on. PaX/Grsecurity is a set of security hardening specific patch that brings the linux kernel security into another level. It's a great value to make all FLOSS community getting benefit from it. KSPP( Kernel self protection project) was started in Nov 2015 after a disclosure about linux kernel security.…
由于stack overflow而引发的攻击非常普遍也非常古老, 有一种叫做canary的mitigation技术很早就出现在gcc/glibc里, 直到现在也作为系统安全的第一道防线一直存在.…