[Boards: 3 / a / aco / adv / an / asp / b / bant / biz / c / can / cgl / ck / cm / co / cock / d / diy / e / fa / fap / fit / fitlit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mlpol / mo / mtv / mu / n / news / o / out / outsoc / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / spa / t / tg / toy / trash / trv / tv / u / v / vg / vint / vip / vp / vr / w / wg / wsg / wsr / x / y ] [Search | Free Show | Home]

https://arstechnica.com/security/20 17/02/new-aslr-busting-j

This is a blue board which means that it's for everybody (Safe For Work content only). If you see any adult content, please report it.
  1. Home
  2. /g/ - Technology
  3. https://arstechnica.com/security/20 17/02/new-aslr-busting-j
Thread replies: 15
Thread images: 4

Anonymous
2017-02-16 04:57:12 Post No. 58973335
[Report] Image search: [Google]
File: chrome_2017-02-16_18-56-56.png (27KB, 795x176px) Image search: [Google]
chrome_2017-02-16_18-56-56.png
27KB, 795x176px
Anonymous 2017-02-16 04:57:12 Post No. 58973335 [Report]
https://arstechnica.com/security/2017/02/new-aslr-busting-javascript-is-about-to-make-drive-by-exploits-much-nastier/

Where were you when CPU designs killed security?

>inb4 javascript shit
this is not javascript specific
>>
Anonymous 2017-02-16 05:49:27 Post No.58974155
[Report]
Anonymous 2017-02-16 05:49:27 Post No.58974155 [Report]
>we just kinda assumed nobody would ever break this security method
>>
Anonymous 2017-02-16 07:41:35 Post No.58975774
[Report] Image search: [Google]
Anonymous 2017-02-16 07:41:35 Post No.58975774 [Report]
File: 1487094879427.png (283KB, 600x478px) Image search: [Google]
1487094879427.png
283KB, 600x478px
>not already using noscript
>>
Anonymous 2017-02-16 07:46:48 Post No.58975832
[Report] Image search: [Google]
Anonymous 2017-02-16 07:46:48 Post No.58975832 [Report]
File: slowpoke.png (84KB, 1920x1080px) Image search: [Google]
slowpoke.png
84KB, 1920x1080px
>>58975774
We're gonna have to do everything in a virtual machine inside of a virtual machine now
>>
Anonymous 2017-02-16 07:57:24 Post No.58975959
[Report]
Anonymous 2017-02-16 07:57:24 Post No.58975959 [Report]
>>58973335
Based web assembly?
>>
Anonymous 2017-02-16 08:02:37 Post No.58976031
[Report]
Anonymous 2017-02-16 08:02:37 Post No.58976031 [Report]
That is so cool though. It's not really a CPU bug but rather a CPU design flaw. It works on ARM and other ISAs too right?
>>
Anonymous 2017-02-16 08:20:14 Post No.58976258
[Report]
Anonymous 2017-02-16 08:20:14 Post No.58976258 [Report]
>>58976031
yea
>The researchers identified 22 microarchitectures from Intel, Advanced Micro Devices, and ARM that were vulnerable. They went on to say they have yet to test an architecture that didn't provide the MMU signal necessary to exploit the side channel.
>>
Anonymous 2017-02-16 08:40:33 Post No.58976550
[Report]
Anonymous 2017-02-16 08:40:33 Post No.58976550 [Report]
I remember there was that mad hardware exploit on a legacy feature on older processors.
The fix was literally deleting it from the CPU architecture.
That was a minor thing at best.

This is a fucking major component.
SHITS FUCKED YO
>>
Anonymous 2017-02-16 08:53:50 Post No.58976727
[Report]
Anonymous 2017-02-16 08:53:50 Post No.58976727 [Report]
>>58973335
ASLR is basically a joke anyway.
It doesn't prevent attacks it just reduces the chance that an attack succeeds.
>>
Anonymous 2017-02-16 08:56:35 Post No.58976757
[Report] Image search: [Google]
Anonymous 2017-02-16 08:56:35 Post No.58976757 [Report]
File: confuzzled kot.jpg (8KB, 250x201px) Image search: [Google]
confuzzled kot.jpg
8KB, 250x201px
how does JS get such low level access
>>
Anonymous 2017-02-16 09:02:41 Post No.58976847
[Report]
Anonymous 2017-02-16 09:02:41 Post No.58976847 [Report]
>>58976757
it doesnt
it literally reads and writes memory and predicts cache misses using performance.now or some high resolution timer

the point isn't javascript, you can do it in any language
>>
Anonymous 2017-02-16 09:08:30 Post No.58976929
[Report]
Anonymous 2017-02-16 09:08:30 Post No.58976929 [Report]
>>58973335
Rip pc gaming.
>>
Anonymous 2017-02-16 09:18:11 Post No.58977075
[Report]
Anonymous 2017-02-16 09:18:11 Post No.58977075 [Report]
>>58976929
more like rip java script

am i right guys
>>
Anonymous 2017-02-16 09:20:26 Post No.58977115
[Report]
Anonymous 2017-02-16 09:20:26 Post No.58977115 [Report]
>>58977075
rip everything you morone
>>
Anonymous 2017-02-16 09:28:56 Post No.58977254
[Report]
Anonymous 2017-02-16 09:28:56 Post No.58977254 [Report]
>>58977115
thank fuck for that
Thread posts: 15
Thread images: 4
[Boards: 3 / a / aco / adv / an / asp / b / bant / biz / c / can / cgl / ck / cm / co / cock / d / diy / e / fa / fap / fit / fitlit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mlpol / mo / mtv / mu / n / news / o / out / outsoc / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / spa / t / tg / toy / trash / trv / tv / u / v / vg / vint / vip / vp / vr / w / wg / wsg / wsr / x / y] [Search | Top | Home]

I'm aware that Imgur.com will stop allowing adult images since 15th of May. I'm taking actions to backup as much data as possible.
Read more on this topic here - https://archived.moe/talk/thread/1694/


If you need a post removed click on it's [Report] button and follow the instruction.
DMCA Content Takedown via dmca.com
All images are hosted on imgur.com.
If you like this website please support us by donating with Bitcoins at 16mKtbZiwW52BLkibtCr8jUg2KVUMTxVQ5
All trademarks and copyrights on this page are owned by their respective parties.
Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.
This is a 4chan archive - all of the content originated from that site.
This means that RandomArchive shows their content, archived.
If you need information for a Poster - contact them.