I used to provide detached GnuPG signatures alongside my uploaded
source tarballs but nobody cared or even noticed if I inadvertently
broke the signature. (This is for packages which regularly got
downloaded for inclusion into Fedora, ArchLinux, Gentoo and numerous
other distros other than Debian/Debian-based ones which get the source
directly from me.)
Honestly, nobody cares.
-- Neil Williams
ICANN has plowed ahead with their extortive get-rich-quick gTLD
expansion scheme. The U.S. has turned the DNS into a mechanism for
unilateral actions over entities in other countries, without such
[niceties] as due process being required. The list goes on and on.
So no wonder the rest of the world pushes for changes -- and threatens
network fragmentation -- even as their proposed regulatory regimes could
do enormous damage to the Net.
-- Lauren Weinstein
This book marks another chapter in my career’s endless series of
generalizations. From mathematical security — cryptography — to computer
and network security; from there to security technology in general; then to
the economics of security and the psychology of security; and now to — I
suppose — the sociology of security. The more I try to understand how
security works, the more of the world I need to encompass within my model.
on his new book Liars and Outliers
While everyone else was focused on the normal patch specific
vuln/update/forget cycle, our focus with these high-profile vulnerabilities
has always been to look at tangential issues that are unlikely to be
resolved upstream: exploitation techniques that either made certain
strategies easier or possible in the first place. In the case of
CVE-2012-0056, that issue revealed itself during a discussion on the
full-disclosure mailing list on how to reliably exploit systems that
changed the permission of the suid root binaries to deny reading. While
such a permission change prevented the use of objdump in initial exploits,
it was mentioned that a ptrace followed by an exec of the suid root binary
allows one to effectively read the contents of the mapped binary. This
might be surprising, as a ptrace of an existing suid root process would be
denied. When execing a privileged binary while ptracing though, the binary
is run without the extra privileges. When the goal is reading out the
binary, however, this is irrelevant.
on "How We Learn From Exploits"