LWN.net's Journal
 

Friday, December 27th, 2019

    Time Event
    5:28p
    Huang: Can We Build Trustable Hardware?
    Andrew 'bunnie' Huang has posted a detailed article on why creating
    trustable hardware is so difficult and describing a project he's working
    on to do it anyway. "While open hardware has the opportunity to
    empower users to innovate and embody a more correct and transparent design
    intent than closed hardware, at the end of the day any hardware of
    sufficient complexity is not practical to verify, whether open or
    closed. Even if we published the complete mask set for a modern
    billion-transistor CPU, this 'source code' is meaningless without a
    practical method to verify an equivalence between the mask set and the chip
    in your possession down to a near-atomic level without simultaneously
    destroying the CPU."
    5:29p
    [$] KRSI — the other BPF security module
    One of the first uses of the BPF virtual machine outside of networking
    was to implement access-control policies for the seccomp() system call.
    Since then, though, the role of BPF in the security area has
    not changed much in the mainline kernel, even though BPF has evolved
    considerably from the "classic" variant still used with seccomp()
    to the "extended" BPF now supported by the kernel. That has not been for a
    lack of trying, though. The out-of-tree Landlock security module was
    covered here over three years ago. We also looked at the kernel runtime
    security instrumentation (KRSI) patch set in September. KP Singh has
    posted a new KRSI series, so the time seems right for a closer look.
    5:44p
    Security updates for Friday
    Security updates have been issued by SUSE (dia, kernel, and libgcrypt).
    5:54p
    Garrett: Wifi deauthentication attacks and home security
    Matthew Garrett works out how to avoid being recorded by "Ring" door
    cameras in his apartment
    building. "The most interesting one here is the deauthentication
    frame that access points can use to tell clients that they're no longer
    welcome. These can be sent for a variety of reasons, including resource
    exhaustion or authentication failure. And, by default, they're entirely
    unprotected. Anyone can inject such a frame into your network and cause
    clients to believe they're no longer authorised to use the network, at
    which point they'll have to go through a new authentication cycle - and
    while they're doing that, they're not able to send any other
    packets."
