Friday, November 3, 2017

Re: [Caja] WASM and ocaps

Interesting!

On Nov 3, 2017 5:56 PM, "Mark Miller" <erights@gmail.com> wrote:
At the latest wasm (Web Assembly) standards meeting, I pointed out that wasm is already an OS-like ocap system: A wasm instance, with its linear data space + table of opaque external functions/objects is already a process-granularity-like unit of isolation with an address space and a clist. A wasm computation addresses its clist entries by clist index as expected. In addition, wasm currently obeys the following restriction.

> WebAssembly instances must never be able to cause effects other than by wielding explicitly granted access (e.g. the importObject in a JS embedding).

According to Andreas Rossberg (cc'ed), this is on purpose, even though the people in the room at the time did not seem to know that. I suggested that it be made normative, so security uses of this restriction would not be compromised by later "enhancements" that accidentally break this unarticulated restriction.

is the one to watch. Assuming I do a good job clarifying the agreement we just came to, and assuming the agreement holds in the face of these clarifications, it looks like wasm will explicitly be the object-capability system it was designed to be.

Andreas and Bradley (also cc'ed), please clarify or expand as appropriate. If you don't want to subscribe to these lists, send your posts to me and I will forward. Thanks.

--
  Cheers,
  --MarkM

--

---
You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-caja-discuss+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Friday, October 27, 2017

BBC News: Artificial intelligence smart enough to fool Captcha security check

I saw this on the BBC and thought you should see it:

Artificial intelligence smart enough to fool Captcha security check - http://www.bbc.co.uk/news/technology-41775968

* Disclaimer *

The BBC is not responsible for the content of this email, and anything written in this email does not necessarily reflect the BBC's views or opinions. Please note that neither the email address nor name of the sender have been verified.

Thursday, October 26, 2017

The KRACK Wi-Fi vulnerability, explained like you're five

The KRACK Wi-Fi vulnerability, explained like you're five
https://thenextweb.com/security/2017/10/17/krack-explained-like-youre-five-years-old/

Tuesday, October 10, 2017

Friday, October 6, 2017

Re: Unit 42 Threat Intelligence ALERT

Update

On Oct 6, 2017 14:29, Palo Alto Networks <marketing-emails@paloaltonetworks.com> wrote:
Unit 42 Threat Intelligence ALERT

If you're having trouble reading this message, click here

Threat Research. The next step in Threat Intelligence.
Read the latest research>

FREEMILK: A HIGHLY TARGETED SPEAR PHISHING CAMPAIGN

In May 2017, Palo Alto Networks Unit 42 identified a limited spear phishing campaign targeting various individuals across the world. The threat actor leveraged... Read more >

THREAT ACTORS TARGET GOVERNMENT OF BELARUS USING CMSTAR TROJAN

Palo Alto Networks Unit 42 has identified a series of phishing emails containing updated versions of the previously discussed CMSTAR malware family... Read more >

THREAT BRIEF: CONVERSATION HIJACKING SPEAR PHISHING

Spear Phishing is a specific attack technique that has become widely used in the past few years. In our new research blog "FreeMilk: A Highly Targeted Spear Phishing Campaign"... Read more >

 
 
Email
LinkedIn
Facebook
Twitter
Phone
© 2017 Palo Alto Networks, Inc. All rights reserved.
3000 Tannery Way, Santa Clara, CA 95054
Privacy Policy | Terms of Use | Email Preferences
www.paloaltonetworks.com

Thursday, October 5, 2017

Re: App VJ Foot Spa shared by Ken Hh

ken

On Oct 3, 2017 4:54 PM, Ken Hh <noreply@appsheet.com> wrote:
Ken Hh shared an app with you!
Hello! I have created this app with AppSheet and am sharing it with you.

To install the 'VJ Foot Spa' app, please click the link below on your mobile device and follow the instructions:
You can also run the app in your web browser by clicking the link below:
Need more help?


Thursday, September 21, 2017

Cost of Ransom ware attack on FedEx

https://www.engadget.com/2017/09/21/fedex-ransomware-notpetya/

ken

Reuters: Exclusive: U.S. Homeland Security found SEC had 'critical' cyber weaknesses in January

From Reuters News:

Exclusive: U.S. Homeland Security found SEC had 'critical' cyber weaknesses in January
http://www.reuters.com/article/us-sec-cyber-weaknesses-exclusive/exclusive-u-s-homeland-security-found-sec-had-critical-cyber-weaknesses-in-january-idUSKCN1BW27P

The U.S. Department of Homeland Security detected five "critical" cyber security weaknesses on the Securities and Exchange Commission's computers as of January 23, 2017, according to a confidential weekly report reviewed by Reuters.

This service is not intended to encourage spam. The details provided have been used for the sole purpose of facilitating this email communication and have not been retained by Thomson Reuters.

ken

Reuters | Homeland Security detected five critical cyber security weaknesses in SEC's computers in January: confidential report

Homeland Security detected five critical cyber security weaknesses in SEC's computers in January: confidential report

Get updates at Reuters.com

ken

Monday, August 28, 2017