Hacker News: klt0825's comments


That's a tweet of someone using the bug to defeat KASLR.


I'm fairly sure he's actually reading from the syscall table. He already defeated KASLR when he typed /proc/kallsyms.

That aside, I don't think KASLR would be important enough to rush KPTI the way it has happened now, and to even enable it by default, given its drawbacks.


Sorry, I'm being imprecise. Yes, they're reading from kernel memory. But the specific thing they're reading is useful as a KASLR bypass.

I think I understand that the subtext of this thread is: can you only bypass KASLR with it, or can you read pretty much anything from kernel memory? And yeah: it sure seems like you can work out arbitrary kernel values; it's hard to think of a way this bug could work where you can figure out the symbols of specific kernel functions, but not arbitrary values in the kernel.


If you know the specific kernel being used, all you have to figure out is the base address of the kernel to have the whole layout to break KASLR.

So if it had been a timing attack where an unmapped memory reference takes longer to fail than a memory reference with the wrong permissions, then you could scan all of the KASLR slots without actually reading back any data.

Actually reading data is a waaaaayyy bigger deal.


Yeah, that's true. I hadn't considered that the fragility of KASLR meant that there are lots of vectors for breaking it that don't require a huge chip break. Sorry, I'm making the thread dumber.

But, I mean: that's what that dude is doing in that tweet, is all I'm saying. :)


By reading from the actual memory address, yes. Defeating kASLR with side channels is meh. Reading from actual addresses is a different matter entirely.


It looks like he's reading actual data from kernel space.


"Do you think maths is discovered or invented?

To tell you the truth, I don't think I know a mathematician who doesn't think that it's discovered."

Anyone else struck by this? It has really never occurred to me before that I've always assumed that we were simply discovering math versus creating it.


Well, I suppose it's a philosophical thing, but I don't subscribe to the discover point of view. However, to be clear, I don't think there's anything wrong with this viewpoint.

For me, math is a set of rules that we know to be consistent. Based on these rules, we put together new constructions that obey this framework. When I prove a theorem, I don't really internalize it as discovering something that was already there, but as putting together a new creation based on a set of tools that I already have. As the author of the result, I have the flexibility to be as creative as I want in how I prove the result, and that creativity has an effect on how people view and internalize the theorem. I mean, if someone writes a narrative story we could say that the story was always there and that they just discovered it in a sea of words. Again, there's nothing wrong with that point of view, but I prefer to say that the person created the story.


Opinion isn't as clear cut as Wiles makes out. There are definitely opposing viewpoints.

This would be a good place to start: https://en.wikipedia.org/wiki/Philosophy_of_mathematics


Perhaps it would be correct to say that we discover mathematical objects but invent theorems about them.


Gödel would have probably answered the opposite way, as would I think many logicians.


Gödel was a platonist.


So are logic frameworks discovered or invented? Are true/false values discovered or invented?

I think the question whether math is discovered or invented is silly. It is both.


We create the language and methodologies while we discover the relationships. It's both, as mathematics requires both.


Seeing this at 11 is honestly what made me interested in computers and pushed me towards my current career, so seeing that it is 20 years old is sort of a shock.

I can also certainly relate to the portion of the audience that found phreaking much more interesting than hacking, and the fact that the phreaking scene is all but dead is pretty sad.


If you missed the phreaking era like I did, do yourself a favour and read "Exploding the Phone": http://explodingthephone.com/ .


I tend to agree with most points. I always credit my undergraduate CS education with teaching me about how to think about a variety of computational problems using a variety of languages as lenses. I actually think that is why I've been able to succeed in a number of different development roles (Web Developer, Mobile Developer, Reverse Engineer). If I had had multiple semesters of learning only language/framework-X features, I think I would have been worse off for it.

That being said, it did take me a while to appreciate that this was what my education gave me and obviously, no approach works for everyone.


For now. Reading into it, it seems like they found one of the useful UAFs that facilitates a memory write instead of your less useful CALL virt_func. Flash is just a means to create an infoleak by overwriting the vector length; it is likely that you could do the same without any dependencies by just targeting IE itself.


This is actually one of the reasons I do what is now called "Intermittent Fasting". I found in my teens that I was much, much more focused and alert on an empty stomach. I've always assumed it had to do with my insulin response to meals, as low-carb diets had a similar effect, but not eating during the day was just easier.


Agreed, don't run AV at all. It is always fun to take something from metasploit, see that it is detected by most AVs, change one or two strings that are obvious choices for signatures, and watch detection rates drop to close to 0. Even behavioral or heuristic detection is absurd sometimes (IE is writing into the process memory of notepad? Probably fine). It is a really tough problem to solve, to be fair to AV vendors.


>IE is writing into the process memory of notepad

I don't have much experience in this area, but shouldn't that be prevented by the kernel unless IE got specific permission to do so?


Not in most cases as far as I know, unless it is specifically sandboxed.


Dumb question: since modern CPUs and operating systems support virtual memory, shouldn't it be impossible for processes to access memory of other processes, since processes no longer have to deal with shared memory?

...unless you're alluding to security exploits that manage to subvert that mechanism.


Windows subverts that mechanism by providing APIs that unprivileged apps can use to access each other's memory.

On Windows, any programs sharing a desktop are within the same security boundary and are not protected from each other by design.
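As an added illustration of the point made in this comment (this is example code written for this page, not code from the thread or from anyone in it): the PowerShell script below uses the documented kernel32 APIs OpenProcess and ReadProcessMemory to read the first bytes of another process's main module. It assumes a throwaway notepad.exe started by the same user as the reader; the target process and the helper name Read-RemoteBytes are this example's own choices. No administrator rights are needed while both processes run as the same user at the same integrity level. Opening a process that belongs to another user, an elevated process, or a protected process typically fails at OpenProcess with Win32 error 5 (ERROR_ACCESS_DENIED), which is exactly the boundary the comment describes.

```powershell
# Added example: same-user, same-integrity processes on Windows can read each
# other's memory through documented APIs. Target (notepad) and helper name are
# assumptions for this demo, not from the original thread.
$signature = @"
using System;
using System.Runtime.InteropServices;
public static class Mem {
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, uint dwProcessId);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, IntPtr nSize, out IntPtr lpNumberOfBytesRead);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool CloseHandle(IntPtr hObject);
}
"@
Add-Type -TypeDefinition $signature

# Access rights from winnt.h: enough to read memory, nothing more.
$PROCESS_VM_READ           = 0x0010
$PROCESS_QUERY_INFORMATION = 0x0400

function Read-RemoteBytes {
    param([int]$ProcessId, [IntPtr]$Address, [int]$Count)

    $h = [Mem]::OpenProcess($PROCESS_VM_READ -bor $PROCESS_QUERY_INFORMATION, $false, $ProcessId)
    if ($h -eq [IntPtr]::Zero) {
        $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        # 5 = ERROR_ACCESS_DENIED: other user, higher integrity level, or protected process.
        throw "OpenProcess($ProcessId) failed with Win32 error $err"
    }
    try {
        $buf = New-Object byte[] $Count
        [IntPtr]$read = [IntPtr]::Zero
        if (-not [Mem]::ReadProcessMemory($h, $Address, $buf, [IntPtr]$Count, [ref]$read)) {
            $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
            throw "ReadProcessMemory failed with Win32 error $err"
        }
        return $buf[0..($read.ToInt32() - 1)]
    } finally {
        [void][Mem]::CloseHandle($h)
    }
}

# Usage: start a throwaway notepad as the current user and read the DOS header
# of its main module. Every PE image starts with the magic bytes "MZ" (0x4D 0x5A).
$target = Start-Process notepad -PassThru
Start-Sleep -Seconds 1
$base  = $target.MainModule.BaseAddress
$bytes = Read-RemoteBytes -ProcessId $target.Id -Address $base -Count 2
$magic = -join ($bytes | ForEach-Object { [char]$_ })
"Read from PID $($target.Id) at 0x$($base.ToString('X')): $magic"
Stop-Process -Id $target.Id
```

To see the boundary from the other side, run the same script against a process started with "Run as administrator" (or one owned by another logged-in user) from a non-elevated shell: OpenProcess returns a null handle and the error code is 5.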


Huh...I never knew that. I wonder why the APIs were designed this way; there has to be legitimate uses for this, right?


I think the answer here is compatibility. But we are finally at a turning point. OS X's new apps and Windows Metro apps are sandboxed.

But until running mostly sandboxed apps becomes the norm in a desktop system, beware that not having admin privileges does not mean you can NOT: load programs at startup, read most of the registry settings, passwords, read memory of/close programs of the same security level. Malware doesn't need admin rights to do evil.

Still I believe AV products are useless even for inexperienced users.


In the end, instead of using debug features, the files could be altered before starting a process. Programs on the same user account have no protection from each other, and Windows isn't going to give you a false sense of security.

If you want apps to be blocked from touching each other, they need individual user accounts or equivalent. Operating systems for phones do this, but this kind of system hasn't been ported to a normal desktop.


debuggers?


I was firmly in your camp until recently I saw CryptoLocker - http://www.reddit.com/r/sysadmin/comments/1p32lx/cryptolocke.... This is the first virus in a long time that actually scares me.

I've checked, and current versions of MSE will detect this in time, but it's fast approaching the point where Windows will be running in a snapshotted VM with no network access.


It gets really scary when the ransomware's makers require their victims to log in to some MMORPG and pay in virtual gold.


Well, the attack vector seems to be mostly ZIP email attachments with EXEs.


I would be interested to see what the blood levels of EPA/DHA were in the patients studied, the article isn't really helpful in that respect and it may be important.


Burnout in tech circles is like Depression in the population in general. 90% of people who say they have it really don't, and the people who say it doesn't exist have no idea what in the world they are talking about. But for those who have it, it is unmistakably terrible.

I put in 80+ hour work weeks for 4 years straight at my last job and it got to a point where I was physically breaking down and developed a slew of transient (but terrifying) neurological problems. It got so bad I actually saw a neurologist who basically said that I was seeing the manifestation of extreme stress and had to stop (He actually pushed me to find a new job, interestingly.)

To your point, it never dawned on me that I was working too much. I had various problems that needed solutions and I was much too engulfed in the pursuit of their solution to really see what was happening until it became impossible to ignore. I'd venture to say most people with burnout are not driven there by someone or something but by themselves.


I'm still a student, but I pulled through something similar (trying to get into college), and I thought harder work would get me there. After a couple of months of sleeping 4 hours a day, and way too much coffee and ramen (some cram nights, I'd down 4 cans of Nescafé, 2 Starbucks mochas and 4 Red Bulls just to stay working, along with a bowl of cheap ramen to top it off), I started getting frequent colds, eye infections, you name it. I started dozing off and not waking up. I felt giddy in my skin. It was downright terrible.

And the irony of it? After totaling my body, I totaled my grades. Bye, bye Ivies, it was nice :).

So I don't entirely agree with the author that lack of hard work should be the usual suspect, and that burnouts are a euphemism for slackerism.


This is happening to me right now. I struggle to find a middle ground between working too hard and staying up till 4 am and working too little. Can you spare some advice?


Ok, the knack really seems to be work smarter, not harder. I haven't got it down pat entirely, but I'm getting there.

If you have to work hard till 4 am to get school work done, you have a problem. You can group the problems though.

1. Wrong work. Odds are you do some work that feels like you're working hard but won't get you anywhere. I had a knack for finding those and working myself stupid over them. "Biology poster? Museum Exhibit it is". Whilst that kind of work can teach you something, don't fret it, and prioritize.

2. Too much work. Don't follow in my footsteps and become an academic masochist. As said above, prioritize and cut things that aren't means to an end/enjoyable. Working on an important academic project you enjoy? Bullseye, it stays. Studying for a major exam that you require for graduation but hate? Dispatch it cleanly and quickly. There's techniques for that. Jamming on the guitar with friends? Sure, you have to relax after all. Working on a worthless elective class you hate? Do yourself a favor and chop it.

3. Handling work the wrong way. I'm down to 2 hours study for a 1 hour lecture (I think you can go lower), but I have friends who spend 5 on the same thing and grasp less. Is it because my friends are stupid? Hopefully not. But they tackle it the wrong way. Efficiency whilst studying will help you cut a lot of time off.

Also, understand that we run on cycles. Sleep/Wake, Work/Rest, etc. Every project I did where I tried fighting that fact (Staying up all the time, working all the time) turned into a burning wreck. So learn how you cycle, and work with it, not against it. Trust me, it makes your life easier.

Of course, I could rant on, but most of my mental images of dealing with these issues are really strange (So studying is like a multi-stage conversion-funnel where I try to optimize for x?), so I'll just recommend you the blogs of Cal Newport and Scott H Young. http://calnewport.com/blog/ http://www.scotthyoung.com/blog/

PS: You can get too little done for your taste, but working too little is mistaking the means for the end.


solistice gave you advice that runs the danger of telling you to work harder at burning yourself out. Given that I'm also giving advice, take that with a grain of salt.

"Make small changes," he suggests.

If you're really on the burnout train, your life is out of control because of your internal pressure to work. You want to be overworking yourself.

Some of that internal pressure is because of external pressure that you've accepted. You want the grades--do you want them, or are you running on others' expectations, and accepting them into your life?

My advice is, be prepared to make big changes. That's not even right: be prepared for big changes to happen to you. Burnout means you lose something.

And so what I should say is, be ready to give it up. You might be really happy if you didn't have all this internal pressure driving you to work all the time.

Are you doing it for them? Or are you doing it for you?

Don't be afraid to quit.

---

That said, you'll do your best work when you're under pressure you're not sure you can handle.

My impression is that you're a student. Apparently you're not under so much pressure that you don't have time to spare asking for advice.

I don't know if you're working too hard. There is always something to be said for keeping a little voice in your mind telling you to "Work harder."

But if it comes crashing down, you have a right to quit and to drastically change your life.


Oooops, my bad. Should have focused more on the balance aspect really.

I get what you mean by the internal pressure to work thing. You get anxious when you're not working, and that anxiety starts to nag on your psyche. I've gotten some good results with redefining work for myself, from "what breaks me" to "what compounds for results", but it isn't the perfect solution to the problem. Then, I subdivide mentally between work i should do and work I enjoy. The former category includes writing pieces of code I have to finish or studying for exams (I try to keep that kind of work relatively efficient and hard hitting), and the latter category includes things such as drawing or dancing, skills which are useful and relaxing at the same time.

Alas, it's what works for me.


Oh, I never saw this until now.

I thought your response was great; I wanted to complement what you wrote, not replace it or criticize it.


> developed a slew of transient (but terrifying) neurological problems.

well don't stop there - what were they? this is important information for the HN crowd.


2 is particularly relevant, and more than a solid grasp of CS is required depending on what you choose to do within the field. Malware Analysis for example can require understanding data structures, calling conventions, x86, compiler internals, etc.

Security is actually one of the few fields where I think you see a really interesting mix of theoretical and applied CS. Things like complexity theory, formal program analysis, etc pop up quite often.

