From 7c5c2081e169b8fd029a0bbabc83d37f22caab78 Mon Sep 17 00:00:00 2001 From: Tommy Date: Tue, 5 Dec 2023 16:36:50 -0700 Subject: [PATCH 1/4] Fix IOMMU kernel param Signed-off-by: Tommy --- content/posts/linux/Desktop Linux Hardening.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/posts/linux/Desktop Linux Hardening.md b/content/posts/linux/Desktop Linux Hardening.md index c81f0f7..45111ad 100644 --- a/content/posts/linux/Desktop Linux Hardening.md +++ b/content/posts/linux/Desktop Linux Hardening.md @@ -320,7 +320,7 @@ Further reading: ##### DMA mitigations ``` -intel_iommu=on amd_iommu=on efi=disable_early_pci_dma iommu.passthrough=0 iommu.strict=1 +intel_iommu=on amd_iommu=force_isolation efi=disable_early_pci_dma iommu=force iommu.passthrough=0 iommu.strict=1 ``` [Direct memory access (DMA) attacks](https://en.wikipedia.org/wiki/DMA_attack) can be mitigated via IOMMU and [disabling certain kernel modules](#kernel-modules). Furthermore, [strict enforcement of IOMMU TLB invalidation](https://github.com/Kicksecure/security-misc/blob/master/etc/default/grub.d/40_enable_iommu.cfg) should be applied so devices will never be able to access stale data contents. From 2f99cef29697d5bfa79bc7438df9ae621a780895 Mon Sep 17 00:00:00 2001 From: Tommy Date: Wed, 6 Dec 2023 23:21:42 -0700 Subject: [PATCH 2/4] Update Hosting information Signed-off-by: Tommy --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 280b266..f66f9bc 100644 --- a/README.md +++ b/README.md @@ -14,9 +14,9 @@ Posts are licensed under the [Creative Commons Attribution‑ShareAlike The [WonderMod](https://github.com/Wonderfall/hugo-WonderMod) theme (and its upstream [PaperMod](https://github.com/adityatelange/hugo-PaperMod)) is licensed under the [MIT License](https://github.com/Wonderfall/hugo-WonderMod/blob/master/LICENSE). Except where otherwise noted, PrivSec.dev's modifications to WonderMod are also licensed under the MIT License. -## Hosting (Netlify) +## Hosting -The https://privsec.dev website is hosted by [Netlify](https://netlify.com). Netlify will automatically generate previews for pull requests and on pull request updates. +The https://privsec.dev website is hosted by [Cloudflare Pages](https://pages.cloudflare.com/). Website previews are automatically generated by [Netlify](https://www.netlify.com/). ## Local Working Environment From 2b0c63ad2499bd3654ad759c7d4cd5c3d96f281f Mon Sep 17 00:00:00 2001 From: Tommy Date: Wed, 6 Dec 2023 23:59:43 -0700 Subject: [PATCH 3/4] Update Permissions-Policy Signed-off-by: Tommy --- static/_headers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/static/_headers b/static/_headers index c9b19d0..d8f1f43 100644 --- a/static/_headers +++ b/static/_headers @@ -5,7 +5,7 @@ Referrer-Policy : no-referrer X-Frame-Options : DENY X-XSS-Protection : 0 - Permissions-Policy : accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), browsing-topics=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), sync-xhr=(), xr-spatial-tracking=() + Permissions-Policy : accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), bluetooth=(), browsing-topics=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), speaker-selection=(), usb=(), sync-xhr=(), xr-spatial-tracking=() Cross-Origin-Resource-Policy : same-origin Cross-Origin-Embedder-Policy : require-corp # Cross-Origin-Opener-Policy : same-origin From 416227864c612a2854b28e2e07a111504ad37435 Mon Sep 17 00:00:00 2001 From: spring-onion <133713420+spring-onion@users.noreply.github.com> Date: Thu, 7 Dec 2023 22:49:58 +0100 Subject: [PATCH 4/4] Update banking app reports 265 and 309, add 343, 344, 345 and 347 (#187) --- .../Banking Applications compatibility with GrapheneOS.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/content/posts/android/Banking Applications compatibility with GrapheneOS.md b/content/posts/android/Banking Applications compatibility with GrapheneOS.md index d8e79ef..3fc10b4 100644 --- a/content/posts/android/Banking Applications compatibility with GrapheneOS.md +++ b/content/posts/android/Banking Applications compatibility with GrapheneOS.md @@ -64,6 +64,7 @@ TEST: Test url again after removing the parameters and verify there is no mistak - [Bendigo Bank](https://play.google.com/store/apps/details?id=com.bendigobank.mobile) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/88) - [CommBank](https://play.google.com/store/apps/details?id=com.commbank.netbank) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/75) - [ME Bank](https://play.google.com/store/apps/details?id=au.com.mebank.banking) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/203) +- [MyState: The human way to bank](https://play.google.com/store/apps/details?id=com.mystate.app) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/345) - [NAB Mobile Banking](https://play.google.com/store/apps/details?id=au.com.nab.mobile) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/76) - [Ubank Money App](https://play.google.com/store/apps/details?id=au.com.bank86400) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/156) - [Up — Easy Money](https://play.google.com/store/apps/details?id=au.com.up.money) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/102) @@ -123,6 +124,7 @@ TEST: Test url again after removing the parameters and verify there is no mistak - [George Česko](https://play.google.com/store/apps/details?id=cz.csas.georgego) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/251) - [George klíč](https://play.google.com/store/apps/details?id=cz.csas.app.georgeklic) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/251) - [My Air](https://play.google.com/store/apps/details?id=cz.airbank.android) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/31) +- [Raiffeisen bankovnictví](https://play.google.com/store/apps/details?id=cz.rb.app.smartphonebanking) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/347) ### Denmark @@ -166,6 +168,7 @@ TEST: Test url again after removing the parameters and verify there is no mistak - [finanzen.net zero Aktien & ETF](https://play.google.com/store/apps/details?id=de.gratisbroker.android.mobileapp) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/321) - [finanzen.net zero Secure TAN](https://play.google.com/store/apps/details?id=de.gratisbroker.android.securetan) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/322) - [flatex next: Aktien und ETF](https://play.google.com/store/apps/details?id=de.xcom.flatexde) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/59) +- [GLS Banking](https://play.google.com/store/apps/details?id=de.gls.banking.app) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/344) - [ING Banking to go](https://play.google.com/store/apps/details?id=de.ingdiba.bankingapp) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/48) - [Klarna | Shop now. Pay later.](https://play.google.com/store/apps/details?id=com.myklarnamobile) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/314) - [Kontist](https://play.google.com/store/apps/details?id=com.kontist) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/23) @@ -347,6 +350,7 @@ TEST: Test url again after removing the parameters and verify there is no mistak ### Slovakia - ~~[365.bank](https://play.google.com/store/apps/details?id=bank.sk365.app)~~ - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/326) +- [George Slovakia](https://play.google.com/store/apps/details?id=sk.slsp.georgego) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/343) - [Tatra banka](https://play.google.com/store/apps/details?id=sk.tb.ib.tatraandroid) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/325) ### Slovenia @@ -404,7 +408,7 @@ TEST: Test url again after removing the parameters and verify there is no mistak ### Thailand -- [K PLUS](https://play.google.com/store/apps/details?id=com.kasikorn.retail.mbanking.wap) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/265) +- ~~[K PLUS](https://play.google.com/store/apps/details?id=com.kasikorn.retail.mbanking.wap)~~ - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/265) - [SCB Easy](https://play.google.com/store/apps/details?id=com.scb.phone) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/195) - [ShopeePay](https://play.google.com/store/apps/details?id=com.beeasy.airpay) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/335) - [UOB TMRW Thailand](https://play.google.com/store/apps/details?id=com.uob.mightyth2) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/333) @@ -428,7 +432,7 @@ TEST: Test url again after removing the parameters and verify there is no mistak - [Chase UK](https://play.google.com/store/apps/details?id=com.chase.intl) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/69) - [The Co-operative Bank](https://play.google.com/store/apps/details?id=com.cooperativebank.bank) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/205) - [first direct](https://play.google.com/store/apps/details?id=com.firstdirect.bankingonthego) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/128) -- [Halifax Mobile Banking](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/309) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/309) +- ~~[Halifax Mobile Banking](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/309)~~ - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/309) - [HSBC UK Mobile Banking](https://play.google.com/store/apps/details?id=uk.co.hsbc.hsbcukmobilebanking) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/33) - ~~[Lloyds Bank Mobile Banking](https://play.google.com/store/apps/details?id=com.grppl.android.shell.CMBlloydsTSB73)~~ - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/53) - [M&T Mobile Banking](https://play.google.com/store/apps/details?id=com.mtb.mbanking.sc.retail.prod) - [Report](https://github.com/PrivSec-dev/banking-apps-compat-report/issues/305)