Posts tagged security
Pointer authentication weakness and mitigations
Pointer authentication involves taking things like the return address and inserting an authentication tag into unused bits – a cryptographic signature – before storing the pointer to memory, and then confirming that the signature agrees with the pointer destination after loading it back from memory and before using it again.
Clipboard subversion on StackOverflow
Because Markdown is really a mixture of Markdown syntax and raw HTML to fill in gaps where Markdown can’t do the job, having user-generated content in Markdown format doesn’t help to curb malicious content. Users are still publishing HTML and have opportunities to embed something malicious or sneaky.
A pick-resistant lock design
There are a fair few attempts at “unpickable” locks out there, and overall I don’t think I have a great deal to add to the range of pre-existing methods. But a couple of years ago I thought I might have a go at my own design anyway.
Curl is not secure by default
I often find that when there’s been some debate about a topic on the internet the conclusion might be a thorough debunking of a bad idea but also a failure to address a more nuanced idea – or sometimes even a more fundamental idea.
Idly musing over RowHammer mitigation strategies
Watching a RowHammer talk (slides) a while back (not actually the linked one, but I couldn’t find the one I attended) left me with a couple of thoughts about possible mitigations which I didn’t see discussed.