Collaborate Disseminate
Patches are available for a newly discovered Linux, BSD and Solaris vulnerability called Stack Clash that bypasses stack guard-page mitigations and enables root access. Continue reading Stack Clash Vulnerability in Linux, BSD Systems Enables Root Access
I’ve found a strange hostname in my dhcpd.leases file and I’m wondering what steps I should take in response.
I have a simple home network: my modem is plugged into a router running OpenBSD 6.0, and a laptop and an old Netge… Continue reading How should I respond to an unrecognized client in my DHCP logs?
The number of OpenBSD’s known vulnerabilities is tiny, but so it’s the number of users. How significant is this scarceness of exploits found?
Continue reading Is OpenBSD’s low number of exploits really that relevant?
In this talk on privilege separation, Theo de Raadt explains that OpenBSD’s ntpd has a master process which calls settimeofday(), a DNS process responsible for querying DNS servers, and an NTP protocol process which is respon… Continue reading How does separating concerns into separate processes (without enforcement) help security?
In this talk on privilege separation, Theo de Raadt explains that OpenBSD’s ntpd has a master process which calls settimeofday(), a DNS process responsible for querying DNS servers, and an NTP protocol process which is respon… Continue reading How does separating concerns into separate processes (without enforcement) help security?
In this talk on privilege separation, Theo de Raadt explains that OpenBSD’s ntpd has a master process which calls settimeofday(), a DNS process responsible for querying DNS servers, and an NTP protocol process which is respon… Continue reading How does separating concerns into separate processes (without enforcement) help security?
The BSD libc library was updated recently to address a buffer overflow vulnerability that could have allowed an attacker to execute arbitrary code.
Continue reading Buffer Overflow in BSD libc Library Patched
http://blog.acumensecurity.net/revisiting-wx-with-openbsd-6-0/
http://blog.acumensecurity.net/fpt_wx_ext-1-a-rundown/
Has anybody got the cc-memtest binary or source code or cc-memtest?
A program that can test the followi… Continue reading cc-memtest for testing memory security for OpenBSD
Last week’s OpenSSH security update warrants a close look for users who re-enable X11Forwarding in OpenSSH. Continue reading OpenSSH Implementations with X11Forwarding Enabled Should Heed Recent Security Update
I’m learning that much of the security advice I come across under the “hardening” heading simply does not apply to a single-user home desktop box sitting in a private wireless IPv4 LAN behind a Comcast cable modem. Furthermo… Continue reading What’s there to harden for a home Unix-box behind Comcast cable modem?