"The transient-execution attack Meltdown leaks sensitive information by transiently accessing inaccessible data during out-of-order execution. Although Meltdown is fixed in hardware for recent CPU generations, most currently-deployed CPUs have to rely on software mitigations, such as KPTI. Still, Meltdown is considered non-exploitable on current systems. In this paper, we show that adding another layer of indirection to Meltdown transforms a transient-execution attack into a side-channel attack, leaking metadata instead of data. We show that despite software mitigations, attackers can still leak metadata from other security domains by observing the success rate of Meltdown on non-secret data. With LeakIDT, we present the first cache-line granular monitoring of kernel addresses. LeakIDT allows an attacker to obtain cycle-accurate timestamps for attacker-chosen interrupts. We use our attack to get accurate inter-keystroke timings and fingerprint visited websites. While we propose a low-overhead software mitigation to prevent the exploitation of LeakIDT, we emphasize that the side-channel aspect of transient-execution attacks should not be underestimated."
https://cispa.de/en/research/publications/4011-indirect-meltdown-building-novel-side-channel-attacks-from-transient-execution-attacks
meltdown, the spectre of modern computing
"Stemming from reports of several fake crypto apps appearing in Canonical's Snap Store that aimed to steal user funds, temporary restrictions have been put in place while Canonical investigates the security matter.
[...]
the Snap Store removed the reported Snaps. A temporary manual review requirement has also been put in place on new Snap registrations."
https://www.phoronix.com/news/Snap-Store-Malicious-Apps
another step closer to microsoft and windows lol
microsoft is not merely satisfied with logging the full URLs (example.com/private_site_content) of every user (microsoft defender smartscreen) so ofc like with windows the next step is to sell there user to the next highest bidder.
cloudflare is already the default DNS provider in firefox (use librewolf or tor/mullvad browser) but that's not enough they want ALL the traffic so naturally a free vpn is the perfect fit to further increase there fluorescent control over the internet. glad to see they are going back to there roots as a honeypot...
https://web.archive.org/web/20230928175413/https://blog.cloudflare.com/cloudflare-now-powering-microsoft-edge-secure-network/
@チャノさん its the same bs with refund costing money on fiat payment processors as if there is any actual work being done instead of 1 and 0 just changing by themselves
>hack around
>change something on my system which would be tiresome and take long to revert back
>roll back snapshot from the last hour which is instant, bit perfect, minimal used storage space and does not touch user files
literally how can anybody live without this. heil ZFS
@Cayhr faggots are terrified of "AI" that is trained on real data because its exposing there lies. thats why microsoft and mozilla are trying there best to beat them into submission with restrictions and false data that adheres to there dogma.
never forget tay :ina_blessed: nothing is safe from there grooming
@翠星石
>But, Rockstar can authorize such modifications and they have for their own distribution.
ofc they can but they do not own the modifications made by somebody else. it depends on the country but you can own the rights to derivative work.
Oddbean new post about login | logout
Notes by DarkMahesvara | export