This week’s reporting on the alleged Everest ransomware breach of ASRock Rack should be a wake-up call for anyone relying on modern server, storage, and cloud hardware. When an enterprise vendor’s internal repositories of firmware, BIOS, BMC code, diagnostic tools, and drivers are exposed, supply chain integrity is in jeopardy.
Adversaries gain insight into board layouts, update mechanisms, and secure boot flows, which accelerates vulnerability discovery and makes it easier to craft implants that look “authentic”. Implants come in many shapes and forms, including repackaged drivers, UEFI images, and recovery media. In the worst case, compromise at this level undermines the hardware root of trust itself: if attackers can subvert firmware signing, update channels, or UEFI components, they can persist below the operating system, survive reimaging, and silently bypass many controls.
Incidents like this underscore that firmware and UEFI are now strategic targets for supply-chain attacks, not edge cases. Defenders need to assume that detailed knowledge of platform internals is in adversary hands and respond by treating monitoring below the OS as a first-class requirement: measure firmware integrity at boot, continuously attest critical components (UEFI, BMC, NICs, RAID controllers), and watch out-of-band management paths for anomalous behavior. The trust model for infrastructure is shifting, and security programs that do not include firmware and UEFI telemetry are already behind the curve.
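To make the "measure at boot, attest continuously" point concrete, here is an added example (not code from the post, from ASRock Rack, or from any vendor tool) of the check a defender runs behind firmware attestation: replay a TPM 2.0 measurement log through the PCR extend operation (SHA-256 of the previous value concatenated with the new digest), compare the result with a golden baseline captured from a known-good host, and report which PCRs drifted. The event log, its digests, and the PCR assignments (PCR0 for platform firmware, PCR2 for option ROMs, PCR7 for Secure Boot policy, following TCG PC Client conventions) are constructed inline; in production the log and quote would come from the host (`tpm2_eventlog`, `tpm2_pcrread`) or the BMC's attestation interface.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple

# All values below are constructed for the example; PCR_INIT is the
# reset value of a SHA-256 PCR bank (32 zero bytes) per TPM 2.0.
PCR_INIT = bytes(32)
MONITORED_PCRS = (0, 2, 7)  # firmware, option ROMs, Secure Boot policy


@dataclass(frozen=True)
class Event:
    pcr: int       # PCR index the measurement was extended into
    desc: str      # TCG event type / description (constructed labels)
    digest: bytes  # SHA-256 digest recorded in the log


def extend(current: bytes, digest: bytes) -> bytes:
    """TPM PCR extend: new = H(old || digest). Order-dependent by design."""
    return hashlib.sha256(current + digest).digest()


def replay(events: Iterable[Event]) -> Dict[int, bytes]:
    """Recompute every PCR from a measurement log, starting at reset value."""
    pcrs: Dict[int, bytes] = {}
    for ev in events:
        pcrs[ev.pcr] = extend(pcrs.get(ev.pcr, PCR_INIT), ev.digest)
    return pcrs


def _h(label: str) -> bytes:
    # Stand-in for the real firmware-blob hash; constructed from a label.
    return hashlib.sha256(label.encode()).digest()


# Constructed log resembling a minimal boot on a known-good host.
GOLDEN_LOG: List[Event] = [
    Event(0, "EV_S_CRTM_VERSION", _h("crtm-v1")),
    Event(0, "EV_EFI_PLATFORM_FIRMWARE_BLOB bios", _h("bios-build-1234")),
    Event(2, "EV_EFI_BOOT_SERVICES_DRIVER nic-oprom", _h("nic-oprom-7.1")),
    Event(7, "EV_EFI_VARIABLE_DRIVER_CONFIG SecureBoot", _h("secureboot=1")),
]


def tampered_log() -> List[Event]:
    """Same boot, but the BIOS blob measurement differs (constructed)."""
    log = list(GOLDEN_LOG)
    log[1] = Event(0, log[1].desc, _h("bios-build-unknown"))
    return log


def baseline() -> Dict[int, bytes]:
    """Golden PCR values, normally recorded once from a trusted host."""
    return replay(GOLDEN_LOG)


def check_quote(observed: Dict[int, bytes], expected: Dict[int, bytes],
                monitored: Tuple[int, ...] = MONITORED_PCRS
                ) -> Dict[int, Tuple[str, str]]:
    """Return {pcr: (expected_hex, observed_hex)} for every drifted PCR."""
    drift = {}
    for p in monitored:
        exp, obs = expected.get(p), observed.get(p)
        if exp != obs:
            drift[p] = (exp.hex() if exp else "", obs.hex() if obs else "")
    return drift


def verify_log(events: Iterable[Event], quoted: Dict[int, bytes]) -> Set[int]:
    """PCRs where replaying the log does not reproduce the quoted value.
    A mismatch means the log was edited or truncated after measurement."""
    replayed = replay(events)
    return {p for p in MONITORED_PCRS if replayed.get(p) != quoted.get(p)}


if __name__ == "__main__":
    golden = baseline()
    print("known-good host drift:", check_quote(golden, golden))
    observed = replay(tampered_log())
    for pcr, (exp, obs) in check_quote(observed, golden).items():
        print(f"PCR{pcr} drifted: expected {exp[:16]}.. observed {obs[:16]}..")
```

Two things this shows that the paragraph alone does not: drift in a single PCR does not identify which measurement changed, so the log must be kept and replayed (`verify_log`) to attribute the change to a specific component, and any out-of-order or dropped event changes the replayed value, which is what makes a log that still matches the quote trustworthy.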
Article:
cyberdaily.au/security/13120…