Archives

Address Space Layout Randomization in Linux

Address Space Layout Randomization (ASLR) was first implemented in Linux in 2001 and formally included in Linux kernel 2.6.12 in 2005. Microsoft followed soon afterwards and implemented ASLR in Vista in 2007. ASLR randomizes process memory address space in order to prevent an attacker from finding the addresses of functions or ROP (Return Oriented Programming) gadgets required to successfully complete an exploit. The effectiveness of ASLR is limited by the amount of available entropy, which varies from platform to platform depending on the implementation. For ASLR to be useful, all segments of a process's memory space must be randomized. If

Decompiling ACPI Tables

Advanced Configuration and Power Interface (ACPI) is a specification which defines platform-independent interfaces for hardware discovery, configuration, power management and monitoring. It was initially developed by Intel, Microsoft and Toshiba in 1996 and has been revised regularly since then. In early 2013, stewardship of the specification was transferred to the Unified Extensible Firmware Interface Forum (UEFI). The latest version of the specification is 5.1, which was released in July 2014. The functional areas of the ACPI specification include: System power management, Device power management, Processor power management, Configuration / Plug and Play, System Events, Battery management, Thermal management, Embedded controllers, SMBus controller

The Sunsetting of SHA-1

SHA-1 (Secure Hash Algorithm) is a 160-bit hash algorithm that has been at the heart of many web security protocols such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS) since shortly after it was developed by the NSA (National Security Agency) in 1995. In 2005, a professor in China demonstrated an attack that could be successfully launched against the SHA-1 function, suggesting that the algorithm might not be secure enough for ongoing use. Because of this, NIST immediately recommended federal agencies begin moving away from SHA-1 toward stronger algorithms. In 2011, NIST mandated that many applications in federal agencies

Unix Domain Sockets

Unix domain (UD) sockets are an inter-process communication (IPC) mechanism that allows bidirectional data exchange between processes running on the same platform. They are sometimes called local sockets. Communication occurs entirely within the operating system kernel. The closest IPC mechanism to a UD socket is probably a Unix pipe or a Linux Netlink socket. Note that the term domain in UD has nothing to do with DNS, NIS, LDAP, or Active Directory, and instead refers to the file system. A UD socket is uniquely identified by a filesystem pathname. Obviously, both processes have to agree on the pathname for them

Perfect Forward Secrecy in SSH

Perfect Forward Secrecy (PFS) is a property of public-key encryption systems which generate random public keys per session for the purposes of key agreement which are not based on any sort of deterministic algorithm. A compromise of one message cannot lead to the compromise of another message or multiple messages. Twitter, Apache mod_ssh, SSL, TLS, and IPSec all support forward secrecy. According to the referenced Wikipedia article: Forward secrecy is designed to prevent the compromise of a long-term secret key from affecting the confidentiality of past conversations. However, forward secrecy (including perfect forward secrecy) cannot defend against a successful cryptanalysis