anx – WindowsTechs.com

Does allowing binfmt_misc significantly increase the attack surface for unprivileged users that already can launch – native – binaries?

Posted on August 20, 2023 by anx

The Linux kernel lets me register and execute additional binary formats as if they were regular executables.
I am thinking of this mostly as a convenience method, completing what specifying the interpreter via Shebang already partially acc… Continue reading Does allowing binfmt_misc significantly increase the attack surface for unprivileged users that already can launch – native – binaries?→

What mitigations exist for AMD vulnerability CVE-2023-20593 Zenbleed?

Posted on July 25, 2023 by anx

I recently read that in the never ending series of speculative-execution flaws, unintended data written to extended registers ends up making secrets readable across privilege boundaries on AMD Zen 2 CPUs. This sounds like something I do no… Continue reading What mitigations exist for AMD vulnerability CVE-2023-20593 Zenbleed?→

Does HTTP/3 necessitate additional – beyond HTTP/2 via TLS1.3 – restrictions on client authentication (mTLS)?

Posted on July 9, 2023 by anx

A recent Nginx release allows me to set listen 443 quic; to enable HTTP/3. Neat. I had been using HTTP/2 with TLS1.3 before, so I did not expect that change much, just optimize round trips with otherwise matching security properties.
One m… Continue reading Does HTTP/3 necessitate additional – beyond HTTP/2 via TLS1.3 – restrictions on client authentication (mTLS)?→

Is it safe to use conntrack on Linux bridge devices?

Posted on September 21, 2021 by anx

I have a server with a number of Linux bridge devices for use with groups of virtual machines – some internet-routed, some intentionally unrouted. I have stateful firewalling in place for traffic traversing across and between those bridges… Continue reading Is it safe to use conntrack on Linux bridge devices?→

Is gnupg2 –refresh-keys susceptible to any attacks based on fingerprint collisions?

Posted on March 29, 2019 by anx

Alice updates her OpenPGP key yearly. Bob updates his copy using: gpg2 –refresh-keys

Mallory ensures that Bob uses her keyserver, which offers her own key, which

is sharing the 32-bit “short” Key ID with Alice
is sharing … Continue reading Is gnupg2 –refresh-keys susceptible to any attacks based on fingerprint collisions?→

What are dedicated TOTP devices called?

Posted on March 31, 2018 by anx

I would like to buy a device that can be provisioned with a secret seed and then displays a time based authentication token without ever revealing the seed.

As terms like 2FA, TOTP and Authenticator are almost guaranteed to only show up i… Continue reading What are dedicated TOTP devices called?→

How can SEC_ERROR_REVOKED_CERTIFICATE in firefox be further examined?

Posted on January 1, 2017 by anx

A https website, which is not under my control, leads to an error message SEC_ERROR_REVOKED_CERTIFICATE in Firefox 51.
The CRL (url embedded in the certificate) does not distrust the sites certificate.
openssl s_client has no… Continue reading How can SEC_ERROR_REVOKED_CERTIFICATE in firefox be further examined?→