Tink

I just posted on the Google Security Blog an official announcement for Tink: https://security.googleblog.com/2018/08/introducing-tink-cryptographic-software.html. I cannot overestimate how important this milestone is. When we started, Tink was a personal 120% project with no official headcount, and always on the brink of being canceled. There were a lot of ups and downs, but…

Introducing the Tink cryptographic software library

Posted by Thai Duong, Information Security Engineer, on behalf of Tink team

At Google, many product teams use cryptographic techniques to protect user data. In cryptography, subtle mistakes can have serious consequences, and understanding how to implement cryptography correctly requires digesting decades' worth of academic literature. Needless to say, many developers…

From Compiler Optimization to Code Execution – VirtualBox VM Escape – CVE-2018-2844

Oracle fixed some of the issues I reported in VirtualBox during the Oracle Critical Patch Update - April 2018. CVE-2018-2844 was an interesting double fetch vulnerability in the VirtualBox Video Acceleration (VBVA) feature affecting Linux hosts. The VBVA feature works on top of the VirtualBox Host-Guest Shared Memory Interface (HGSMI), a shared memory…