ARMv8.3-A PA在GCC里的相关实现

很多的安全问题通过攻击者人为制造的恶意指针,然后处理器解释恶意指针为代码地址,然后执行恶意指针所指的代码,这里的代码恰恰就是攻击者预先准备的恶意代码。所以对于指针的合法性问题一直是安全防御的重点。针对此ARMv8.3-A引入了一指针验证指令。

Security Promotion - Mandatory TLS Connection for XMPP

Although, according to RFC7590 "Use of Transport Layer Security (TLS) in the Extensible Messaging and Presence Protocol (XMPP)", TLS was recommended for XMPP connection. But it is not mandatory. Despite the consensus to switch XMPP on mandatory encryption reached by XMPP communities on 2014, there are still some XMPP service providers support non-encrypted connection as a fallback along with TLS.

Mission impossible: Hardening the x86 based core infrastructures

GBE( no big deal?), CPU microcode( Do we really believe the vendor don't leave a backdoor there? Ok, it's unlikely to happen because the "magic" constant shit is not hard to find but...possibility is still there?), VGA BIOS( the 1st rule of OptionROM is do not talk about-_-), MRC( lacking of effort to do the reversing?), [Intel ME](https://github.com/hardenedlinux/firmware-anatomy/blob/master/hack_ME/me_info.md)( red alert....).

Linux kernel mitigation checklist

We should treat security as a whole, just like the combination of PaX/Grsecurity features/code hardening build up a defense-in-depth solution for Linux kernel, which is a core infrastructre we are highly rely on. PaX/Grsecurity is a set of security hardening specific patch that brings the linux kernel security into another level. It's a great value to make all FLOSS community getting benefit from it. KSPP( Kernel self protection project) was started in Nov 2015 after a disclosure about linux kernel security.