Readit News logoReadit News
assusdan commented on New dog, old trick: DaMAgeCard attack targets memory directly via SD card reader   swarm.ptsecurity.com/new-... · Posted by u/thebeardisred
Syonyk · 9 months ago
That's a solid writeup on the history of external DMA attacks! Very nicely done, and well worth a read.

This sort of thing is why QubesOS tends to put hardware controllers in isolated VMs and only pass access through. With a working IOMMU (any modern hardware has this), all you can get is DMA access into a VM that doesn't actually have much of interest in it, and no access into other VMs...

//EDIT: Though at a closer read, there's some that... isn't quite right, in how terms and examples are done. I'd expect better from someone doing low level security work - INB copies to a general purpose register, not a memory address, a DMA controller is a "discrete" bit of hardware, it's not very "discreet," etc. I'm not sure. This is starting to feel very AI-assisted to me. The overall concepts are fine, but a lot of the background section doesn't read reasonably, or goes off into weird weeds and... never explores them. The Intel Xeon is not a less exotic example of a DMA controller. The PC/AT platform did not have a PCI bus.

Eh. I remain convinced it's a decent enough overview of the matter, but a lot of the details just read really weird to me in the background sections. To the point that this could be an interview discussion question. "What does this get subtly wrong?"

assusdan · 9 months ago
Russian version of this article, published slightly earlier AFAIU ( https://habr.com/ru/companies/pt/articles/863536/ ) does not look very AI-assisted, but still contains some of the weird moments you mentioned.

"discreet" looks like translation error, in russian version word "special" is used. PC/AT is still there, as well as Xeon example (latter does not seem "not quite right" to me)

assusdan commented on $8k Suzuki from India received a 5-star crash test rating   jalopnik.com/this-8-000-s... · Posted by u/rntn
torginus · 9 months ago
Aren't modern Ladas based on Renault tech (so essentially the same as Dacias)
assusdan · 9 months ago
Nivas (both classic/4x4/Legend niva and travel/chevrolet niva) are not based on Renault tech, they've been developed inhouse (with GM help on Travel one)
assusdan commented on Poll: Do you use browser profiles?    · Posted by u/varun_ch
assusdan · 10 months ago
I use firefox profiles, separate for a) personal use b) work and c) personal use with different network settings (as I need more than one VPN connected simultaneously, I launch this profile from Distrobox) to connect to geofenced / ISP blocked services.

I use different color schemes to visually distinguish them.

The only problem is that opening link from other apps do not automagically select right profile, so I have to manually copypaste it. Otherwise, it all works awesomely.

assusdan commented on Busy Status Bar   busy.bar/?hn... · Posted by u/aleksi
VoxPelli · a year ago
Is there any message from the Flipper Zero people that this is actually their device?

It’s not mentioned on https://www.flipperdevices.com/, neither on https://flipperzero.one/ or their Instagram?

They have been plagued with peopling scamming people in their name before

assusdan · a year ago
It is mentioned at their "We're hiring" page https://flipperdevices.com/jobs#!/tab/282752814-2

"We are looking for a professional multidisciplinary designer to join our Busy Status Bar team and help bring the product to Kickstarter, generating excitement among future users."

assusdan commented on AMD's Turin: 5th Gen EPYC Launched   chipsandcheese.com/p/amds... · Posted by u/zdw
mistyvales · a year ago
Here I am running a 12 year old Dell PowerEdge with dual Xeons.. I wonder when the first gen Epyc servers will be cheap fodder on eBay.
assusdan · a year ago
IMO, 1st gen Epyc is not any good, given that 2nd gen exists, is more popular and is cheap enough (I actually have epyc 7302 and MZ31-AR0 motherboard as homelab). Too low performance per core and NUMA things, plus worse node (2nd gen compute is 7nm TSMC)
assusdan commented on Russian TLD .RU fails DNSSEC validation   dnsviz.net/d/cctld.ru/dns... · Posted by u/ainar-g
patrakov · 2 years ago
The badly signed records are still there in various provider's DNS caches as of now. 8.8.8.8 and 9.9.9.9 in the Philippines are still affected - cannot resolve .ru domains.
assusdan · 2 years ago
Yeah, I think major Russian providers just flushed caches by hand, as rollout was by-region, which is not smooth nor simultaneous

EDIT: rollout in some very large telecom here is still in progress, by region.

assusdan commented on Russian TLD .RU fails DNSSEC validation   dnsviz.net/d/cctld.ru/dns... · Posted by u/ainar-g
dgrin91 · 2 years ago
I'm not familiar with DNSSEC. What sis the impact of this? Do web pages fail to load or is it just some security warning? Also was this just someone failing to update a cert in time or is this some sort of hack?
assusdan · 2 years ago
Basically, all ru. TLD became failing for all dns resolvers that use DNSSEC (which is the most of them)

As user, I am unable to visit any pages on .ru domains, as their IP would not resolve.

Reason is highly likely mistake (human side) in signing procedure, not something time- or hack- related.

Someone is most likely CC for TLD RU, aka АНО КЦНДСИ, official registry of .ru TLD.

assusdan commented on Russian TLD .RU fails DNSSEC validation   dnsviz.net/d/cctld.ru/dns... · Posted by u/ainar-g
assusdan · 2 years ago
That was scary. Fixed at about 16:55 UTC, total about 1hr of downtime.
assusdan commented on Failing to Learn Zig via Advent of Code (2022)   forrestthewoods.com/blog/... · Posted by u/takemine
assusdan · 2 years ago
January 17th, 2022
assusdan commented on New scalable, fault-tolerant, and efficient open-source MQTT broker   github.com/thingsboard/tb... · Posted by u/ashvayka
assusdan · 2 years ago
Actually, it is up-to-date (new features twice a year, some of them, e.g. virtual threads, are truly SotA) and not legacy (things like graalvm and helidon 4 are relatively new and are awesome). Do not avoid Java if your project would benefit from it.

u/assusdan

KarmaCake day84May 29, 2017
About
Backend engineer from Russia, currently working on API Management solution for large telecom operator.

I do not support Putin and his government.

View Original