Stefan Gast


PhD Candidate in the CoreSec group at #TUGraz, focusing on side-channel security. Apart from that, I also post #Linux and #privacy related stuff.

Opinions posted here are my own and do not necessarily reflect those of my employer.

Website: https://stefangast.eu

[tip: timers/urgent] clockevents: Add missing resets of the next_event_forced flag - tip-bot2 for Thomas Gleixner

RE: https://ec.social-network.europa.eu/@EUCommission/116408720976324749

Doesn't work without a Google/Apple-tied device btw. There is absolutely no story for how this would work on a desktop, anything without a Google/Apple account, or open source OS at all either.

RE: https://techhub.social/@manlycoffee/116415429272342259

It must be added - on this Estonia is smarter than most of the rest of Europe too...

so now there’s a proposed federal U.S. bill that mandates EVERY OS to verify your age on setup, regardless if you’re an adult or not or if you even want this feature…
and they call it the Parents Decide Act.

excellent  

https://itsfoss.com/news/os-level-age-verification-across-us/

#ageverification #bigtech #Linux

Oh No! Now A Federal Bill Wants OS-Level Age Verification for Everyone in the USA

If passed, the bill would apply across the U.S., unlike the state-level laws already around.

It's FOSS

From KernelSnitch to Practical msg_msg/pipe_buffer Heap KASLR Leaks

Article by Lukas Maar about evaluating the KernelSnitch timing side-channel attack on a variety of systems, including Android.

The attack allows leaking addresses of exploitation-relevant kernel allocations.

Lukas also published the source code for executing the attack.

Article: https://lukasmaar.github.io/posts/heap-kaslr-leak/index.html
Source: https://github.com/lukasmaar/kernelsnitch

Anthropic is apparently introducing identity verification for Claude. According to the FAQ, this is handled by the service provider Persona and may require a government-issued photo ID as well as a live selfie.

For an AI chatbot, that is a remarkable step. Anyone who uses something like this discloses not only prompt contents but potentially also ID data and biometric features. From a data protection perspective, this is no small matter but a further shift toward a real-name requirement and compulsory identification. 👇

https://support.claude.com/en/articles/14328960-identity-verification-on-claude

#Claude #KI #Bullshit #Ageverification

Identity verification on Claude | Claude Help Center

Thank you for joining us at the TU Graz Open Day! 😊

@vmcall Thanks for the hint! 🙂

Interesting work on AMD SEV-SNP by Benedict Schlüter, Christoph Wech and @Shweta: https://fabricked-attack.github.io/

By reconfiguring data fabric routing from the untrusted, hypervisor-controlled UEFI firmware, they redirect Platform Security Processor (PSP) memory accesses, compromising SEV-SNP initialization, particularly the Reverse Map Table (RMP).

#Fabricked #sevsnp #security #hardwaresecurity #confidentalcomputing

Fabricked: Misconfiguring Infinity Fabric to Break AMD SEV-SNP

Confidential computing allows cloud tenants to offload sensitive computations and data to remote resources without needing to trust the cloud service provider. Hardware-based trusted execution environments, like AMD SEV-SNP, achieve this by creating Confidential Virtual Machines (CVMs). With Fabricked, we present a novel software-based attack that manipulates memory routing to compromise AMD SEV-SNP. By redirecting memory transactions, a malicious hypervisor can deceive the secure co-processor (PSP) into improperly initializing SEV-SNP. This enables the attacker to perform arbitrary read and write access within the CVM address space, thus breaking SEV-SNP core security guarantees.

Fabricked

Last Saturday, I was honored and delighted to give the keynote at Grazer Linuxtage #GLT26, a large #Linux event with a lot of history (23 years and counting!) and still a dedicated team behind it.

Title: "What can we learn from Android for other embedded Linux systems security?"

Slides are available at https://pretalx.linuxtage.at/glt26/talk/J8GCHE/, talk recording at https://media.ccc.de/v/glt26-615-what-can-we-learn-from-android-for-other-embedded-linux-systems-security

What can we learn from Android for other embedded Linux systems security? Grazer Linuxtage 2026

Android has become the primary operating system for a significant part of the global population, and it uses Linux at its core. While the user space stack on top of the kernel is vastly different from the usual desktop distributions, lessons learnt in Android platform development are valuable to other (embedded) Linux systems. In particular, Android has pioneered the scaled deployment of a number of security measures, from application level sandboxing and permissions to fine-grained SELinux policies and dm-verity for system partition integrity. However, the most difficult challenge seems to be protecting against insider attacks, potentially with access to private signing keys. These mitigations can be used for other embedded Linux systems as well, and this talk should be seen as a call to action to try and adopt some of them more broadly in the embedded Linux ecosystem.