I’ve decided to change the format of the link dumps, along with moving the publish date to Mondays. I hope the bit of insight is more useful than a quick one-liner and the URL. Let me know what you think.
OpenSSH adds sandbox mode for Linux’s new seccomp filter. This is a huge step in securing the sshd process post-attack. By restricting permissible actions AFTER an attack, the administrator can ensure attacker’s capabilities are limited during a compromise. This means an ancillary exploit will be needed to gain persistence, making the cost of exploitation to be much higher.
An amazing advisory by Derek Soeder. This type of detail is rarely seen these days. While it’s a long read it is definitely worth it.
A good introduction to vtrace while explaining why examining data from functions like ReadFile() is useful. As a user of vtrace it is always nice to see how other people write their debuggers. Good work Brandon!
Storing data in the cloud, such as iCloud, Dropbox, etc doesn’t mean that it is unaccessible by the storage provider. The data is encrypted, but the provide still holds the key, resulting in the ability to read all your data if necessary. Obviously I’d only recommend storing data of non-consequence on cloud storage providers. Keep the important things somewhere safer.