home.social

#cfi — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #cfi, aggregated by home.social.

  1. Как системщику остаться в живых: харденинг, который не убьет ваш перфоманс

    Здравствуйте, меня зовут Анна Мелехова. Я старший архитектор в отделе развития архитектуры KasperskyOS. В статье я хочу поделиться практическим опытом системной разработки, которой я занималась сначала в проекте по виртуализации, а теперь в «Лаборатории Касперского», где мы делаем микроядерную операционную систему с повышенными требованиями к безопасности – KasperskyOS . Когда вы работаете в такой среде, быстро понимаете: харденинг – это не красивые галочки в чек-листе, а набор очень конкретных, очень практических решений, которые должны и защищать, и минимально снижать производительность. О них я и расскажу, а в конце дам личный топ самых полезных харденингов, которые бустят security и не снижают performance.

    habr.com/ru/companies/kaspersk

    #kasperskyos #системное_программирование #харденинг #canary #aslr #cfi

  2. Как системщику остаться в живых: харденинг, который не убьет ваш перфоманс

    Здравствуйте, меня зовут Анна Мелехова. Я старший архитектор в отделе развития архитектуры KasperskyOS. В статье я хочу поделиться практическим опытом системной разработки, которой я занималась сначала в проекте по виртуализации, а теперь в «Лаборатории Касперского», где мы делаем микроядерную операционную систему с повышенными требованиями к безопасности – KasperskyOS . Когда вы работаете в такой среде, быстро понимаете: харденинг – это не красивые галочки в чек-листе, а набор очень конкретных, очень практических решений, которые должны и защищать, и минимально снижать производительность. О них я и расскажу, а в конце дам личный топ самых полезных харденингов, которые бустят security и не снижают performance.

    habr.com/ru/companies/kaspersk

    #kasperskyos #системное_программирование #харденинг #canary #aslr #cfi

  3. Как системщику остаться в живых: харденинг, который не убьет ваш перфоманс

    Здравствуйте, меня зовут Анна Мелехова. Я старший архитектор в отделе развития архитектуры KasperskyOS. В статье я хочу поделиться практическим опытом системной разработки, которой я занималась сначала в проекте по виртуализации, а теперь в «Лаборатории Касперского», где мы делаем микроядерную операционную систему с повышенными требованиями к безопасности – KasperskyOS . Когда вы работаете в такой среде, быстро понимаете: харденинг – это не красивые галочки в чек-листе, а набор очень конкретных, очень практических решений, которые должны и защищать, и минимально снижать производительность. О них я и расскажу, а в конце дам личный топ самых полезных харденингов, которые бустят security и не снижают performance.

    habr.com/ru/companies/kaspersk

    #kasperskyos #системное_программирование #харденинг #canary #aslr #cfi

  4. Как системщику остаться в живых: харденинг, который не убьет ваш перфоманс

    Здравствуйте, меня зовут Анна Мелехова. Я старший архитектор в отделе развития архитектуры KasperskyOS. В статье я хочу поделиться практическим опытом системной разработки, которой я занималась сначала в проекте по виртуализации, а теперь в «Лаборатории Касперского», где мы делаем микроядерную операционную систему с повышенными требованиями к безопасности – KasperskyOS . Когда вы работаете в такой среде, быстро понимаете: харденинг – это не красивые галочки в чек-листе, а набор очень конкретных, очень практических решений, которые должны и защищать, и минимально снижать производительность. О них я и расскажу, а в конце дам личный топ самых полезных харденингов, которые бустят security и не снижают performance.

    habr.com/ru/companies/kaspersk

    #kasperskyos #системное_программирование #харденинг #canary #aslr #cfi

  5. We just significantly improved the explanation of control-flow integrity (CFI) in the Low Level Software Security Book, see llsoftsec.github.io/llsoftsecb

    The new version offers clearer, more detailed explanations to help readers better understand this important security concept.

    We’d love to hear your feedback — share your thoughts here or open an issue on github at github.com/llsoftsec/llsoftsec

    #LLSoftSecBook #CFI

  6. Thanks to jsing@, #OpenBSD's Go port (lang/go) now supports branch tracking control flow integrity (BTCFI) and enabled it by default on arm64/amd64, for Intel 11th Gen+ and Apple M2.

    jsing@ modified ports/lang/go/*: Add branch tracking control flow integrity (BTCFI) support to lang/go.

    This adds BTCFI support to lang/go on arm64 (in the form of BTI) and amd64 (in the form of IBT). Resulting Go binaries are no longer marked with OPENBSD_NOBTCFI.

    Thanks to sthen@ and tb@ for testing.

    ok tb@

    And _MODGO_SYSTEM_VERSION has been bumped to force recompiling of Go packages.

    Bump _MODGO_SYSTEM_VERSION due to lang/go BTCFI support.

    Also remove USE_NOBTCFI, since this is no longer the case on amd64 and arm64 (the flag is still set on other architectures for the time being, but this is ineffective).

    ok sthen@

    #go #golang #CFI #ROP

  7. CVS ditches common cold meds after FDA advisers say they’re useless - Enlarge / A box of Sudafed PE sinus pressure and pain medicine containi... - arstechnica.com/?p=1978328 #over-the-counter #oscillococcinum #phenylephrine #coldmedicine #decongestant #homeopathic #homeopathy #avianflu #science #sudafed #health #cfi #cvs #fda

  8. It's been a minute since I've posted. I know that I said I would post content through my CFI training but failed to do that. I really just got super busy and kept pushing it off. Then I got into hardcore study mode in the last couple of months. I am pleased to say that today, I am now a newly minted CFI. I was well prepared by my instructor and though long, I was able to nail the 6 hour oral and 2 hour flight. Time to rest a bit! #Aviation #avgeek #CFI

  9. "Conservative Friends of Israel has started to look much less like a friend of Israel and much more like the London outpost for Netanyahu’s far-right extremist Likud coalition. That’s bad news for the Conservative Party, bad news for Britain and – in my opinion – dreadful for Israel itself"
    Peter Oborne
    #Israel #CFI #UKPolitics #ConservativeParty

    It’s time to put Conservatives’s links with Israel under the spotlight | The Independent
    archive.is/MdPq6

  10. It's now easier to tell in ktrace/kdump on #OpenBSD -current if a process is crashing due to a BTI/IBT #CFI violation, as supported on Intel Tiger Lake (11th Gen and up) and Apple M2 CPUs.

    deraadt@ modified src/sys/*: create a new code ILL_BTCFI associated with SIGILL for trap faults which
    indicate missing indirect branch target instructions (on the two architectures which currently have this). This becomes nicely visible in kdump:

    6526 cat PSIG SIGILL SIG_DFL code=ILL_BTCFI addr=0x438fad6a990 trapno=21

    ok kettenis sthen miod rsadowski

  11. Remember US pilots: If your height changes by more than 2 inches, you must present yourself in person to your local FSDO to make that change to your pilot record. Also, if my height changed by more than 2 inches, I would really question my ability to control an aircraft, or any other vehicle.

    #Aviation #Flying #CFI #FlightInstruction

  12. RT by @EU_ISS: The second Brief published as part of the Countering Foreign Interference #CFI project is out!
    @EU_ISS

    It examines how measuring resilience to #FIMI could support the #EU's (foreign) policy-making as well as partners countries!

    🐦🔗: nitter.cz/LeoDeAgo/status/1729

    [2023-11-27 13:59 UTC]

  13. RT by @EU_ISS: The first Brief published as part of the Countering Foreign Interference #CFI project is out! @EU_ISS

    It examines how #FIMI represents a serious challenge to the #EU’s global interests and values by focusing on the #WesternBalkans and selected African countries.

    🐦🔗: nitter.cz/LeoDeAgo/status/1717

    [2023-10-26 11:23 UTC]

  14. @Dianora Excellent. I highly appreciate #CFI, as well as #RFR (Recovering from Religion) and Journey Free. Please encourage others to check out my YouTube channel, which has nearly 100 video sessions by experts in the field of religious trauma recovery youtube.com/@ComeToCORT?si=CYz

  15. So I just realized it is October of an odd numbered year. That means it is time to start the process to renew my flight instructor certificate. Also, King Schools, stop creeping on me! 😜

    #CFI #FIRC #Aviation #FlightInstruction #KingSchools #FlightTraining #Pilot

  16. Back today for my first teaching practice on basic flight maneuvers. My first flight post right seat checkout so this was like taking a student up for the first time. Straight and level flight/turns, const speed climbs/descents. Trim, Pattern entry and normal T/O & Landings. Fun times! #CFI #CFIStudent #avgeek

  17. The first public report of the #CFI Dialogues 2023 event held in Florence is now available.
    While malign actors exploit local and structural vulnerabilities through #FIMI, some common patterns of action have emerged.
    Read report 👇
    iss.europa.eu/content/counteri

    🐦🔗: n.respublicae.eu/EU_ISS/status

  18. Some more details from Theo de Raadt in a recent commit message.

    #OpenBSD #CFI

    "Over the last 6 months we've worked on adding arm64 BTI & Intel IBT support in the kernels and all userland binaries. We have been fixing all the applications along the way. Many developers were involved.

    There is an innovative and substantial difference in our approach compared to how Linux is doing it:

    - On OpenBSD, IBT/BTI enforcement is on by default (meaning mandatory), unless a binary is linked to request opt-out (using -Wl,-z,nobtcfi). After all our fixes, very few application binaries need that, and that count is expected to shrink quickly as we (or upstreams) fix the outstanding issues.

    - On Linux they are rehashing the same design as their executable-stack mechanism: if a single .o file in a resulting binary isn't marked as IBT/BTI enforcement, the system will (silently) execute the program without enforcement and noone knows this is happening.

    So for an issue from around 2001, today Linux binaries with executable stack exist and work unsafely. I expect that 20 years from now Linux binaries without IBT/BTI enforcement will also exist and work unsafely.."

  19. #OpenBSD has enabled Indirect Branch Tracking (IBT) for amd64 userland by default (including ports). :flan_cool:​

    This was previously enabled for the kernel itself back in April.

    IBT is present on Intel Tiger Lake (Core gen 11) and later, is a no-op on earlier generation CPUs and AMD.

    #CFI

    guenther@ modified sys/arch/amd64/*: Enable Indirect Branch Tracking for amd64 userland, using XSAVES/XRSTORS to save/restore the state and enabling it at exec-time (and for signal handling) if the PS_NOBTCFI flag isn't set.

    Note: this changes the format of the sc_fpstate data in the signal context to possibly be in compressed format: starting now we just guarantee that that state is in a format understood by the XRSTOR
    instruction of the system that is being executed on.

    At this time, passing sigreturn a corrupt sc_fpstate now results in the process exiting with no attempt to fix it up or send a T_PROTFLT trap. That may change.

    prodding by deraadt@ issues with my original signal handling design identified by kettenis@

    lots of base and ports preparation for this by deraadt@ and the libressl and ports teams

    ok deraadt@ kettenis@

  20. CVS ditches common cold meds after FDA advisers say they’re useless - Enlarge / A box of Sudafed PE sinus pressure and pain medicine containi... - arstechnica.com/?p=1978328 #over-the-counter #oscillococcinum #phenylephrine #coldmedicine #decongestant #homeopathic #homeopathy #avianflu #science #sudafed #health #cfi #cvs #fda

  21. CVS ditches common cold meds after FDA advisers say they’re useless - Enlarge / A box of Sudafed PE sinus pressure and pain medicine containi... - arstechnica.com/?p=1978328 #over-the-counter #oscillococcinum #phenylephrine #coldmedicine #decongestant #homeopathic #homeopathy #avianflu #science #sudafed #health #cfi #cvs #fda

  22. We spoke to 3 female flight attendants across 3 crew changes in a row on this last trip, who are considering starting flight school.🤯

    I think that’s pretty great. I answered questions and gave them my contact info in case they ever want someone to talk to about the journey.

    #pilotshortage #crewlife #learn2fly #airlines #CFI

  23. So I just realized it is October of an odd numbered year. That means it is time to start the process to renew my flight instructor certificate. Also, King Schools, stop creeping on me! 😜

    #CFI #FIRC #Aviation #FlightInstruction #KingSchools #FlightTraining #Pilot