Collaborate Disseminate
As I understand it, a sandbox is an isolated environment on a machine, used to protect the host from the programs in the sandbox.
Is there something similar but in reverse, for running important programs on a potentially hostile host?
For … Continue reading Existence of sandbox to protect programs from a hostile host
I am writing to express my deep concern about potential widespread vulnerabilities affecting multiple Linux distributions. While my findings are based on personal experiences and require further verification, I urge the security community … Continue reading Urgent Investigation Needed: Potential Widespread Tampering Linux Distributions Across Diverse Variants [closed]
I know the safest bet If I want to remain anonymous is having 2 separate computers, but I was curious if having 2 OS in different hard drives (both encrypted) but on same computer the same? Is the hardware linked?
Like if I were to use one… Continue reading Is hardware linked between different operating systems installed in same computer?
Windows has offered the ability to download updates from machines in the local network for some time. My gut feeling tells me this would be a great attack vector for Windows security vulnerabilites.
Have there been security vulnerabilites … Continue reading Security vulnerabilites in Windows updates from local network
I am interested in standardizations for secure design and development of products, especially towards operational technology / IoT / ICS. My understanding of information security management systems via the ISO 27XXX and country-specific st… Continue reading Standards for Secure Products
Both Apple and Google have recently reported critical vulnerabilities in their systems—iOS and Chrome, respectively—that are ultimately the result of the same vulnerability in the libwebp library:
On Thursday, researchers from security firm Rezillion published evidence that they said made it “highly likely” both indeed stemmed from the same bug, specifically in libwebp, the code library that apps, operating systems, and other code libraries incorporate to process WebP images.
Rather than Apple, Google, and Citizen Lab coordinating and accurately reporting the common origin of the vulnerability, they chose to use a separate CVE designation, the researchers said. The researchers concluded that “millions of different applications” would remain vulnerable until they, too, incorporated the libwebp fix. That, in turn, they said, was preventing automated systems that developers use to track known vulnerabilities in their offerings from detecting a critical vulnerability that’s under active exploitation…
Are there innovative approaches that can be used to enhance authentication on modern operating systems while maintaining a user-friendly experience?
Are there any examples to provide stronger security without compromising usability?
I found out about AOSP variants such as Calyx, Graphene, etc. They promise increased security. I want to know if hardware backdoors can allow access to the camera, microphone, etc. and subsequently allow shipping of that data over the netw… Continue reading Can mobile hardware have backdoor access to camera, microphone that bypasses operating system?
I found out about AOSP variants such as Calyx, Graphene, etc. They promise increased security. I want to know if the hardware (CPU) can access the camera, microphone, etc. directly and record the user without the OS "finding out"… Continue reading Can mobile hardware access other components directly?
From what I know, DLL are loaded in this order (simplified) :
Is present in memory ?
KnownDLLs
Curent Application Dir
System32 directory
Etc (not in the question scope)
Step to reproduce the behavior :
Download Process Explorer (Sysinte… Continue reading Why are some DLL not present in KnownDLLs not loaded from current application directory [migrated]