DECON day 3

if you missed last night’s parties, it was large groups of guys standing around in expensive hotel suites, drinking from red cups, and telling each other how much money they have. i unfortunately couldn’t make it as i had to go play some pok

3 Replies to “DECON day 3”

  1. Glad you liked 🙂 Some clarifications.

    The argument is that there’s some number of milliseconds noise that will forever obscure some number of nanoseconds noise past the point of no return. If this _isn’t_ true, then the non-constant time string comparison in OpenSSH is exploitable. I haven’t been able to model the equation here though.

    It’s *preferable* for VM’s to ask their host to do this replacement /dev/random work, but it seems to work inside of VM’s regardless.

    Could not agree with you more that the PHP hacks are irrelevant until they make it into samples. This is the challenge, making something good enough to make it there.

    The idea is that we should be able to detect censored sites from clients with no deployed code. http://www.censorsweeper.com works ok, and we’ll be able to do way better with Flash spoofing HTTP and HTTPS headers. In the later, we get certs.

    Thanks!

Comments are closed.