Fuchsia OS – Still a long way to high security

An experienced Linux kernel developer and hacker tries common tricks on the upcoming OS. The attempt shows that the security-first approach is not absolute: some parts of the kernel were written insecurely and will have to be amended later. Some gaps are already identified (KASLR is not yet implemented), but others are not.

Using a Fuchsia kernel in degraded mode, i.e. without the security feature called SMAP (Supervisor Mode Access Prevention), a proof-of-concept rootkit has been demonstrated.

This blog post also shows that even if Fuchsia is very different from Linux, the hacking reflexes are the same.

Even if Fuchsia OS looks promising, a long journey still awaits Google before fulfilling the promise of a highly secure OS.

A Kernel Hacker Meets Fuchsia OS

LettuceEncrypt: Free, automatic HTTPS certificate generation for ASP.NET Core web apps

Easy way to use Let’s Encrypt in Kestrel scenarios: LettuceEncrypt for ASP.NET Core

Cons:

  • only works when Kestrel receives encrypted traffic (either in edge mode or behind a TCP load balancer transmitting encrypted traffic),
  • this repo is in maintenance mode.

Pros:

  • a Nate McMaster project, even though he is no longer an MS employee,
  • storage is largely customizable: Let’s Encrypt account private key, generated certificate,
  • has been chosen as the documented way of adding Let’s Encrypt support in YARP.