It was a tech to mitigate bufer overflow attacks in 1980s
Name:
Anonymous2018-12-07 22:11
It is like playing RTS with a fog of war and hoping that your enemy has no maphack. Security by obscurity. Edited on 07/12/2018 22:12.
It is like playing RTS with a fog of war and hoping that your enemy has no fog of war. Security by obscurity.
It is like playing RTS with a fog of war and hoping that your enemy has no maphack. Security by obscurity.
Name:
Anonymous2018-12-07 23:39
more memory = more secure
Name:
Anonymous2018-12-08 7:01
>>6 Unironially, ASLR is good on 64bit memory space because there is lots of random prefixes to load images. On 32bit there is too little space.
Name:
Anonymous2018-12-08 17:45
512-bit addresses in order to make ASLR work properly.
Name:
Anonymous2018-12-08 21:30
So what benefit does the randomization have? Is it something to do with stack overflows in nearby memory locations?
Name:
Anonymous2018-12-08 22:38
>>9 It prevents you from knowing the memory layout so it protects against any exploits that require having specific things at specific addresses, if it's implemented properly. So attacks using things like ROP and buffer overflows are harder.
Name:
Anonymous2018-12-09 0:20
>>10 Are there ways to get around ASLR to still do ROP or overflows anyway? Can you somehow predict the randomness or figure out the memory locations of the things you want to change?
>>15 Libgen is free to mirror, and so is crawling a search engine. Wikipedia has the best article.
Name:
Anonymous2018-12-10 7:40
>>11 the way around it is finding and exploiting memory leaks. you find a pointer to a known place in a library and then use offsets to access ROP gadgets (because offsets within a lib don't change, only its starting position)
>>18 High-level concrete logic is needed, the low-level bruteforce statistics won't cut it in the long run. THe flimsy, weak side of neural networks is that they are built on restricted data.
Name:
Anonymous2018-12-11 0:10
>>19 They are called expert systems and were the main thing behind some of the previous AI winters.
The fact that TempleOS has no paging and uses straightforward identity mapping of memory, no paging and no virtual memory. I know this is an anathema to any Windows-type o/s but a straight-forward memory map is appealing for very quick o/ses in these days of massive memory systems. https://www.reactos.org/forum/viewtopic.php?t=15846
Name:
Anonymous2018-12-15 20:42
>>29 just because templeOS is minimal for memory and security doesn't mean it's good
How so? It's actually the best option. - Performance: one of the most time-consuming operations is switching contexts, something which is needed for every syscall. - Minimalism: Templeos will be able to be ported just fine to architectures that are not bloated intel crapware with 10 million different side channel attacks.
Name:
Anonymous2018-12-16 7:39
>>31 you're just a contrarian dude who says dumb shit because you think it's funny, but you and I both know it's garbage for security
How does a driver’s test, an advertising board or a cash register benefit from rings?
if they're IoT or otherwise internet-connected then people are gonna find them on shodan or masscan and then they'll be a part of some botnet doing nefarious things if they don't have proper security
protection rings help
Name:
Anonymous2018-12-16 15:45
>>35 What do rings have to do with network security? Sure, people will do their own networking stuff, which will suck, but you can still use prebuilt stuff made by semi-intelligent people.
Name:
Anonymous2018-12-16 15:58
>>32 No, I am being completely serious. As for running everything as root, it does not matter at all as long as you are a single user.
>>35 You can run botnets in userspace. Not to mention that dependent types would have prevented any potential threads.
Name:
Anonymous2018-12-18 1:33
I like ASLR. Listening to it gives me a tingly feeling much like when I