Viewing posts tagged mitigations

The Blue Hat Prize: A late April Fools joke

Posted by: Subreption LLC in Security Money Critiques 9 months, 2 weeks ago It's August 2011. The weather has been getting warmer and warmer over the course of the last few weeks. The sun is roasting all Vegas sentient life against the pavement, while swarms of security professionals stroll down the sidewalks. It's been a very strange year so far. Keeping up with the hype-n'-bake modus operandi of the industry in the past decade, Microsoft has announced the Blue Hat Prize Contest with a "whopping" prize (but not a cash prize while at it) for building new "security mitigation technologies". Circa 260,000 USD are at stake, including paid travel and expenses to Black Hat 2012, that is, if the world doesn't implode with the help of the naive and the people at Microsoft Outreach.Disregarding of the fact that the very same people offering this prize have been consistently developing business intelligence on the industry, gathering gossip and influence from unsuspecting and not-so-unsuspecting professionals and "sceners", we have decided, as the independent, enfant terrible ensemble company we are, to completely vivisect this contest and explain, summing up the lengthier article in as few words as possible, why you should really not sell yourselves so cheap. Tags: stunts microsoft bluehat mitigations
read more / Comments

Mac OS X Lion: Did security mitigations manage to squeeze in?

Posted by: Subreption LLC in Security Apple 10 months, 2 weeks ago They say a picture is worth a thousand words, or so the saying goes. Therefore, the output from the now classic paxtest tool (which exposed the practical differences of ExecShield and PaX, among an array of other interesting tidbits) follows: Tags: mitigations macosx pax nx
read more / Comments

KERNHEAP for the Linux kernel 2.6 released

Posted by: Subreption LLC in Linux Security Research & Development 2 years, 6 months ago Few months after the publication of the original "Linux Kernel Heap Tampering Detection" paper in  Phrack Magazine 66, we are proud to announce the availability of KERNHEAP. The implementation has built on several of the ideas described in detail in the paper. There are several improvements and changes not covered by the article, which are significant enough to be explained in a more or less detailed manner in this announcement.Without further ado, KERNHEAP is available at http://www.subreption.com/kernheap as patches applicable to the latest stable 2.6 Linux kernel revision. Tags: kernheap linux mitigations
read more / Comments

08.06.2011

The Blue Hat Prize: A late April Fools joke

07.16.2011

Privacy violations in Blind-Carbon-Copy mail

07.05.2011

Mac OS X Lion: Did security mitigations manage to squeeze in?

03.13.2011

Virtual machine series: Lightweight embeddable languages

10.24.2009

Why Linux security has failed (for the past 10 years)

• bluehat (1)
• microsoft (1)
• stunts (1)
• mitigations (3)
• macosx (1)
• pax (1)
• nx (1)
• gpg (1)
• pgp (1)
• vm (1)
• embedded (1)
• linux (3)
• mls (1)
• selinux (1)
• grsecurity (1)
• kernheap (1)