Tuesday, 2016-05-31

« Monday, 2016-05-30 Index Wednesday, 2016-06-01 »
*** salv-orlando has joined #openstack-security00:09
*** salv-orlando has quit IRC00:12
*** jamielennox|away is now known as jamielennox00:20
*** salv-orlando has joined #openstack-security01:12
*** salv-orlando has quit IRC01:17
*** yaya has joined #openstack-security01:30
*** yaya_ has joined #openstack-security01:31
*** yaya has quit IRC01:34
*** yaya_ is now known as yaya01:34
*** yaya has quit IRC01:50
*** markvoelker has joined #openstack-security01:51
*** markvoelker has quit IRC01:55
*** zul has joined #openstack-security02:01
*** hyakuhei has quit IRC02:08
*** hyakuhei has joined #openstack-security02:11
*** salv-orlando has joined #openstack-security02:33
*** salv-orlando has quit IRC02:38
*** sdake_ has joined #openstack-security02:46
*** yuanying has quit IRC02:47
*** sdake has quit IRC02:50
*** yuanying has joined #openstack-security02:52
*** diazjf has joined #openstack-security02:52
*** diazjf has quit IRC02:52
openstackgerritOpenStack Proposal Bot proposed openstack/anchor: Updated from global requirements  https://review.openstack.org/31434702:58
*** edmondsw has joined #openstack-security03:02
*** sdake_ has quit IRC03:07
*** yuanying has quit IRC03:43
*** yuanying has joined #openstack-security03:47
*** rcernin has joined #openstack-security03:48
*** markvoelker has joined #openstack-security03:52
*** markvoelker has quit IRC03:56
*** salv-orlando has joined #openstack-security04:39
*** stefany has joined #openstack-security04:40
*** salv-orlando has quit IRC04:44
*** rcernin has quit IRC04:52
*** stefany has left #openstack-security05:11
*** austin987 has joined #openstack-security05:22
*** jamielennox is now known as jamielennox|away05:24
*** jamielennox|away is now known as jamielennox05:28
*** salv-orlando has joined #openstack-security05:31
*** markvoelker has joined #openstack-security05:52
*** markvoelker has quit IRC05:57
*** ErrorxError has joined #openstack-security06:02
*** ErrorxError has quit IRC06:04
*** jamielennox is now known as jamielennox|away06:15
*** liverpooler has joined #openstack-security06:16
*** liverpooler has quit IRC06:21
*** liverpooler has joined #openstack-security06:21
*** salv-orlando has quit IRC06:49
*** tesseract has joined #openstack-security06:57
*** salv-orlando has joined #openstack-security06:59
*** rcernin has joined #openstack-security07:01
*** jamielennox|away is now known as jamielennox07:18
*** salv-orlando has quit IRC07:29
*** sdake has joined #openstack-security07:34
*** lhinds_awk has joined #openstack-security07:46
*** lhinds__ has joined #openstack-security07:46
*** lhinds_awk has quit IRC07:53
*** lhinds__ has quit IRC07:53
*** markvoelker has joined #openstack-security07:53
*** markvoelker has quit IRC07:58
*** yaya has joined #openstack-security08:22
*** dmk0202 has joined #openstack-security08:26
*** yaya has quit IRC08:27
*** sdake_ has joined #openstack-security08:32
*** sdake has quit IRC08:35
*** agireud has quit IRC09:50
*** markvoelker has joined #openstack-security09:54
*** sdake_ is now known as sdake09:57
*** markvoelker has quit IRC09:58
*** agireud has joined #openstack-security10:11
*** pcaruana has joined #openstack-security10:11
*** agireud has quit IRC10:39
*** liverpooler has quit IRC10:48
*** shohel has joined #openstack-security10:59
*** liverpooler has joined #openstack-security11:01
*** shohel has quit IRC11:04
*** shohel has joined #openstack-security11:07
*** dmk0202 has quit IRC11:07
*** shohel has quit IRC11:21
*** agireud has joined #openstack-security11:39
*** dmk0202 has joined #openstack-security11:42
*** markvoelker has joined #openstack-security11:55
*** markvoelker has quit IRC11:57
*** markvoelker has joined #openstack-security11:57
*** M1dgard has joined #openstack-security11:57
*** M1dgard has left #openstack-security11:57
*** dave-mccowan has joined #openstack-security12:25
*** sdake has quit IRC12:27
*** jmckind has joined #openstack-security13:27
*** nkinder has joined #openstack-security13:40
*** jmckind has quit IRC13:49
*** jmckind has joined #openstack-security13:52
*** user154752 has joined #openstack-security13:55
*** ametts has joined #openstack-security13:56
*** edtubill has joined #openstack-security13:56
*** d0ugal has quit IRC14:15
*** d0ugal has joined #openstack-security14:17
*** jhfeng has joined #openstack-security14:27
*** tmcpeak has joined #openstack-security14:56
*** rcernin has quit IRC15:07
*** jmckind has quit IRC15:10
*** vinaypotluri has joined #openstack-security15:19
*** yaya has joined #openstack-security15:26
*** openstackgerrit has quit IRC15:33
*** openstackgerrit has joined #openstack-security15:33
*** dmk0202 has quit IRC15:42
*** user154752_ has joined #openstack-security15:44
*** user154752 has quit IRC15:47
*** ccneill has joined #openstack-security15:50
*** tesseract has quit IRC15:54
*** pcaruana has quit IRC15:59
*** austin987 has quit IRC16:03
*** austin987 has joined #openstack-security16:16
*** mdong has joined #openstack-security16:22
*** diazjf has joined #openstack-security16:47
*** diazjf has quit IRC16:50
tmcpeakchair6, sigmavirus24: https://review.openstack.org/#/c/322558/ :\16:56
tmcpeakdo something sigma! :P16:57
*** sigmavirus24 is now known as sigmavirus24_awa17:00
*** woodburn has joined #openstack-security17:00
*** rcernin has joined #openstack-security17:01
*** gmurphy_ is now known as gmurphy17:50
*** nkinder has quit IRC18:01
*** yaya has quit IRC18:17
*** diazjf has joined #openstack-security18:23
*** bpokorny has joined #openstack-security18:47
ccneillhttps://github.com/dxa4481/Pastejacking19:00
ccneill:X19:00
*** diazjf has quit IRC19:00
*** diazjf has joined #openstack-security19:03
tmcpeakccneill: yeah, saw that.  Definitely undesirable property of JS19:03
ccneillyep19:03
ccneilland the mitigation is "be careful"19:04
ccneillwhich is always super helpful to non-technical people19:04
ccneilllol19:04
tmcpeak"I'd like JS to be able to add things to my clipboard with no user intervention" — said nobody ever19:04
ccneill+119:04
ccneillI mean.. I guess I'm happy that it's not happening in flash?19:04
ccneill¯\_(ツ)_/¯19:04
ccneill https://randywestergren.com/widespread-vulnerable-ads-part-two-flash-edition-facebooks-liverail-akamai-adobe-products-affected/19:04
ccneillthis looks fun too19:04
*** mdong has quit IRC19:09
*** mdong has joined #openstack-security19:11
*** jmckind has joined #openstack-security19:15
tristanCheh, you may also be interested in https://conference.hitb.org/hitbsecconf2016ams/materials/D2T2%20-%20Shangcong%20Luan%20-%20Xen%20Hypervisor%20VM%20Escape.pdf19:16
tmcpeaktristanC: ++19:19
*** edtubill has quit IRC19:27
*** edtubill has joined #openstack-security19:28
*** vinaypotluri has quit IRC19:30
*** jmckind has quit IRC19:37
*** sdake has joined #openstack-security19:45
*** mdong has quit IRC19:45
*** sdake_ has joined #openstack-security19:49
*** sdake has quit IRC19:51
*** mdong has joined #openstack-security19:58
*** vinaypotluri has joined #openstack-security19:58
ccneilltristanC: will definitely have to check that out. this is another one that's been in my nightmares for a while: https://arxiv.org/abs/1507.0695520:03
*** diazjf has quit IRC20:04
*** dmk0202 has joined #openstack-security20:05
*** jmckind has joined #openstack-security20:06
*** diazjf has joined #openstack-security20:09
*** diazjf has quit IRC20:16
*** nkinder has joined #openstack-security20:16
tristanCccneill: oh right, we are getting down the rabbit hole now :) But isn't rowhammer mitigated by ecc or bios upgrade ?20:27
*** dmk0202 has quit IRC20:28
*** diazjf has joined #openstack-security20:28
tristanCnote that there isn't much in the hitb slides, but a reminder that hypervisor aren't bug-free20:28
*** diazjf has quit IRC20:29
*** diazjf has joined #openstack-security20:32
*** dmk0202 has joined #openstack-security20:44
ccneilltristanC: my understanding is ECC is an effective mitigation, I'm not sure about BIOS upgrades though20:47
*** jmckind has quit IRC20:48
tristanCwell http://googleprojectzero.blogspot.ca/2015/03/exploiting-dram-rowhammer-bug-to-gain.html says so...20:55
*** jmckind has joined #openstack-security20:56
tristanCand ecc may not help according to http://blog.erratasec.com/2015/03/some-notes-on-dram-rowhammer.html20:56
ccneillyeah, that's most of why it haunts my nightmares haha20:56
ccneillit seems to be in a sort of "unresolved" state, where some people are looking into it, but it's not generally appreciated20:57
ccneillGPZ's research was very interesting20:57
*** diazjf has quit IRC20:59
tristanCso... does any of you guys use monitoring probe to check for high rate of cache miss ?21:01
*** diazjf has joined #openstack-security21:04
*** unrahul has joined #openstack-security21:04
ccneill<_< probably should..21:05
tristanCwould be nice to know if it's noticable without false positive on a typical openstack compute node21:08
ccneillwonder how widely it's being exploited in the wild21:13
*** jmckind has quit IRC21:27
*** jmckind has joined #openstack-security21:29
*** edmondsw has quit IRC21:29
*** bpokorny_ has joined #openstack-security21:31
*** bpokorny has quit IRC21:35
*** dmk0202 has quit IRC21:38
*** mdong has quit IRC21:41
*** bpokorny_ has quit IRC21:45
*** bpokorny has joined #openstack-security21:46
*** jhfeng has quit IRC21:51
*** jmckind has quit IRC21:54
*** edtubill has quit IRC21:56
*** diazjf has quit IRC21:57
*** sdake has joined #openstack-security22:10
*** sdake_ has quit IRC22:12
*** ametts has quit IRC22:14
*** turvey has joined #openstack-security22:15
*** turvey has quit IRC22:39
*** turvey has joined #openstack-security22:43
*** bpokorny has quit IRC22:44
*** turvey is now known as mwturvey22:44
*** mwturvey is now known as turvey22:45
*** turvey is now known as mwturvey22:45
*** mwturvey is now known as fragglerock2122:45
*** fragglerock21 has quit IRC22:47
*** mwturvey__ has joined #openstack-security22:48
*** mwturvey__ has quit IRC22:48
*** bpokorny has joined #openstack-security23:08
*** mwturvey__ has joined #openstack-security23:24
« Monday, 2016-05-30 Index Wednesday, 2016-06-01 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!