[HN Gopher] One Byte to rule them all
___________________________________________________________________
One Byte to rule them all
Author : cjbprime
Score  : 131 points
Date   : 2020-07-30 16:35 UTC (2 days ago)
web link (googleprojectzero.blogspot.com)
| twoodfin wrote:
| Seems like the high-level lesson is that tagged unions as
| traditionally implemented can be vulnerable in a manner that
| pointer/address-focused mitigations don't affect?
| tlb wrote:
| Indeed, a small integer tag seems much more vulnerable than a
| C++ virtual table pointer.
|
| On modern hardware, how much is the penalty for using magic
| numbers instead of small indices? (A magic number meaning a
| constant like 0x85adb9ad instead of 2). The compiler can't
| optimize switch(it->type) using a jump table, but I suspect
| that branch prediction and speculation makes this optimization
| barely relevant.
| kevincox wrote:
| A jump table isn't likely used for very small unions anyways.
| The biggest downside that I see is that comparing with zero
| is slightly cheaper if that is a common value.
| fortran77 wrote:
| iOS is full of holes. How can Apple in good faith say it is
| "secure by design?" (See
| https://www.apple.com/business/docs/site/AAW_Platform_Securi... )
| glitchc wrote:
| Let's give an experienced group of hackers nearly unlimited
| budget to find security holes in your competitor's products.
|
| There's, of course, zero bias in that approach, none whatsoever.
| /s
|
| If Project Zero spent even half as much time finding and fixing
| security exploits in Android as they do just finding exploits
| in iOS, Google would have a truly competitive product from a
| security perspective.
| as1mov wrote:
| FYI, it's not just Project Zero. Zerodium stopped paying for
| iOS exploits due to oversupply[1][2]
|
| [1]: https://appleinsider.com/articles/20/05/14/software-bug-brok...
| [2]: https://twitter.com/Zerodium/status/1260541578747064326
| cjsawyer wrote:
| The LotR section headings were a nice touch
| hootbootscoot wrote:
| great stuff
| simonebrunozzi wrote:
| > Project Zero
|
| > News and updates from the Project Zero team at Google
|
| > For the last several years, nearly all iOS kernel exploits ...
|
| Damn, Googlers... Still incapable of explaining things to people.
| What the hell is Project Zero? Why don't you explain it in your
| tagline? If not, why not at the beginning of the article?
|
| Edit: this sentence in the "about" section does the job:
|
| > Project Zero is a team of security researchers at Google who
| study zero-day vulnerabilities in the hardware and software
| systems that are depended upon by users around the world
|
| I suggest you change the tagline to something like "Studying
| zero-day vulnerabilities at Google".
| cjbprime wrote:
| Huh, I submitted this two days ago -- why does it say two hours
| ago?
| kencausey wrote:
| Assuming this was reposted 'automatically' you should have
| received an email from HN at the email associated with your HN
| account telling you that it was going to happen. At least I
| have received such emails in the past.
| DanBC wrote:
| dang talks about the "second chance" queue here:
| https://news.ycombinator.com/item?id=11662380
|
| Sometimes they see a post that didn't get attention, and so
| they re-up it. Usually, but not always, you get an email to let
| you know.
| cjbprime wrote:
| Thanks, that was it! (I didn't get an email.)
| simonebrunozzi wrote:
| I think you always get the email, perhaps it went into your
| spam folder?
|
| The first time I saw such an email I felt great!! Look for
| it.
| vasco wrote:
| It's common for mods to game the system and resubmit stories
| they believe are good.
| MaxLeiter wrote:
| Not sure why this is downvoted. They do do that.
| JoshTriplett wrote:
| Likely because "game the system" has a strong negative
| connotation that seems unwarranted.
| b4ke wrote:
| Only if you can actually speak to the motivation behind
| the act.... right?
| supernova87a wrote:
| It's the invited post list:
| https://news.ycombinator.com/invited
| trekrich wrote:
| So what does it mean?!
| formerly_proven wrote:
| iOS has a lot of layers and mitigations both in software and
| proprietary hardware that aren't found in other systems. Keep
| in mind that this story would be 20 % the length on other
| systems, because "physical memory read/write primitive" would
| be a total break.
| trekrich wrote:
| thanks for that.
___________________________________________________________________
(page generated 2020-08-01 23:00 UTC)
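tlb and kevincox above weigh small-integer union tags against sparse magic-number tags. The C program below is an added example, not code from the thread or from Project Zero: it takes two constructed four-tag schemes (the tag values and scheme size are assumptions) and counts, for each tag, how many of the 1020 possible single-byte overwrites still decode as a valid but wrong type, which is exactly the silent type confusion a `default:` rejection in `switch(it->type)` cannot catch.

```c
#include <stdint.h>
#include <stdio.h>

/* Two tag schemes for the same tagged union. All tag values here are
 * constructed for this example, not taken from any real code base. */
#define NTAGS 4
static const uint32_t DENSE_TAGS[NTAGS]  = { 1, 2, 3, 4 };          /* T_INT=1, T_PTR=2, ... */
static const uint32_t SPARSE_TAGS[NTAGS] = { 0x85adb9adu, 0x3c71e652u,   /* pairwise different */
                                             0x1f0e7b94u, 0xd2c4a07bu }; /* in every byte     */

/* Index of `tag` in a scheme, or -1 for "not a valid tag", which is the
 * case a switch(it->type) default: branch should reject. */
static int tag_index(uint32_t tag, const uint32_t *valid)
{
    for (int k = 0; k < NTAGS; k++)
        if (valid[k] == tag) return k;
    return -1;
}

/* Apply every single-byte overwrite to `tag` (4 bytes x 255 other values
 * = 1020 corruptions) and count how many land on a *different* valid tag.
 * Each hit is silent type confusion: the union payload is then read
 * through the wrong member and no tag check can notice. */
static int count_confusions(uint32_t tag, const uint32_t *valid)
{
    int confusions = 0;
    for (size_t byte = 0; byte < sizeof tag; byte++) {
        for (unsigned v = 0; v < 256; v++) {
            uint32_t corrupted = tag;
            uint8_t *b = (uint8_t *)&corrupted;
            if (b[byte] == (uint8_t)v) continue;   /* unchanged: not a corruption */
            b[byte] = (uint8_t)v;
            if (tag_index(corrupted, valid) >= 0) confusions++;
        }
    }
    return confusions;
}

int main(void)
{
    for (int k = 0; k < NTAGS; k++)
        printf("tag %d: dense %d / sparse %d of 1020 single-byte corruptions stay valid\n",
               k, count_confusions(DENSE_TAGS[k], DENSE_TAGS),
               count_confusions(SPARSE_TAGS[k], SPARSE_TAGS));
    return 0;
}
```

Sparse tags turn a partial or uncontrolled tag overwrite into a detectable invalid value instead of a silent type confusion; a write whose value the attacker fully controls can still supply a valid tag, so the `default:` rejection complements bounds checking rather than replacing it.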