OpenBSD – Page 3 – WindowsTechs.com

pf: Filter by Class C network

Posted on September 5, 2018 by typo

We’ve all seen this kind of entries in our firewall log, which Peter Hansteen has termed the Hail Mary Cloud (or, at least, a milder version of it):

rule 5/0(match): block in on eth0: 115.238.245.2.33090 > 123.456.789.012… Continue reading pf: Filter by Class C network→

Is there something similar to Firejail for OpenBSD?

Posted on August 9, 2018 by puzzle

On Linux, Firejail (https://firejail.wordpress.com/) offers an easy way to sandbox web browsers and other programs.

Is there an easy way to sandbox a web browser on OpenBSD ?

(reserve question: is there a non-easy way ?)

… Continue reading Is there something similar to Firejail for OpenBSD?→

Hyperthreading under scrutiny with new TLBleed crypto key leak

Posted on June 25, 2018 by Peter Bright

A new attack prompted OpenBSD’s developers to disable hyperthreading by default. Continue reading Hyperthreading under scrutiny with new TLBleed crypto key leak→

OpenBSD Disables Intel Hyper-Threading to Prevent Spectre-Class Attacks

Posted on June 20, 2018 by Swati Khandelwal

Security-oriented BSD operating system OpenBSD has decided to disable support for Intel’s hyper-threading performance-boosting feature, citing security concerns over Spectre-style timing attacks.

Introduced in 2002, Hyper-threading is Intel’s implemen… Continue reading OpenBSD Disables Intel Hyper-Threading to Prevent Spectre-Class Attacks→

Could be a security risk installing old version of OpenBSD on Internet server?

Posted on December 26, 2017 by user166931

I have one specific package (moodle) which is not available on newer versions of aforementioned OS (last version of moodle was available on OpenBSD 5.3) which is more than 4 years old. Knowing of OpenBSD impressive security … Continue reading Could be a security risk installing old version of OpenBSD on Internet server?→

Google Warns of DoS and RCE Bugs in Dnsmasq

Posted on October 3, 2017 by Tom Spring

A domain name system server implementation is at risk of remote code execution, information exposure and denial-of-service attacks after a seven vulnerability were disclosed by Google and patched by the maintainers of Dnsmasq. Continue reading Google Warns of DoS and RCE Bugs in Dnsmasq→

OpenBSD is implementing KARL. How does this improve security?

Posted on July 7, 2017 by Digital Fire

According to this article, OpenBSD is implementing a feature that will create a unique kernel every time a user reboots or upgrades his computer.

It is called KARL, “Kernel Address Randomized Link”. This works by relinking … Continue reading OpenBSD is implementing KARL. How does this improve security?→

A Decade Old Unix/Linux/BSD Root Privilege-Escalation Bug Discovered

Posted on June 20, 2017 by Swati Khandelwal

Update: Find working Exploits and Proof-of-Concepts at the bottom of this article.

Security researchers have discovered more than a decade-old vulnerability in several Unix-based operating systems — including Linux, OpenBSD, NetBSD, FreeBSD and Solaris — which can be exploited by attackers to escalate their privileges to root, potentially leading to a full system takeover.

Dubbed Stack Clash

Continue reading A Decade Old Unix/Linux/BSD Root Privilege-Escalation Bug Discovered→

Serious privilege escalation bug in Unix OSes imperils servers everywhere

Posted on June 19, 2017 by Dan Goodin

“Stack Clash” poses threat to Linux, FreeBSD, OpenBSD, and other OSes. Continue reading Serious privilege escalation bug in Unix OSes imperils servers everywhere→

Stack Clash Vulnerability in Linux, BSD Systems Enables Root Access

Posted on June 19, 2017 by Michael Mimoso

Patches are available for a newly discovered Linux, BSD and Solaris vulnerability called Stack Clash that bypasses stack guard-page mitigations and enables root access. Continue reading Stack Clash Vulnerability in Linux, BSD Systems Enables Root Access→