» »

No more free bugs

No more free bugs

denial ::

Očitno globalna recesija načenja tudi področje računalniške varnosti 8-)


Alexander Sotirov (levo) in Dino Dai Zovi (desno) na konferenci CanSecWest.

Za poslastico pa še intervju z Charlie Millerjem, kjer poba pove veliko zanimivega o bugih, exploitih (in ekonomski vrednosti le-teh), varnosti, itd. Obvezno branje!
SELECT finger FROM hand WHERE id=3;

Icematxyz ::

Why Safari? Why didn’t you go after IE or Safari (on windows)?

It’s really simple. Safari on the Mac is easier to exploit. The things that Windows do to make it harder (for an exploit to work), Macs don’t do. Hacking into Macs is so much easier. You don’t have to jump through hoops and deal with all the anti-exploit mitigations you’d find in Windows.

It’s more about the operating system than the (target) program. Firefox on Mac is pretty easy too. The underlying OS doesn’t have anti-exploit stuff built into it.


Se človek zamisli.

Google Chrome was the one target left standing. Surprised?

There are bugs in Chrome but they’re very hard to exploit. I have a Chrome vulnerability right now but I don’t know how to exploit it. It’s really hard. The’ve got that sandbox model that’s hard to get out of.


To bo tudi Microsoft uporabljal v bodoče če se ne motim?

Highlag ::

Zanimivo tole...
Očitno bodo počasi vsi programi delovali znotraj nekega navideznega stroja. Po eni strani je zaradi varnosti super, po drugi pa bodo izdelovalci postali šlampasti - češ saj je še sandbox vmes, ki skrbi za varnost. Ponavadi pa se takšno mišljenje prej ko slej maščuje...
Never trust a computer you can't throw out a window

denial ::

11 od 14 pomanjkljivosti katere odpravlja MS09-017 je bilo prodanih iDefense ali TippingPoint in nato posredovanih MS via responsible disclosure. No more free bugs apparently works.
SELECT finger FROM hand WHERE id=3;

Tr0n ::

I think what you see with Chrome and sandboxing, that’s where everyone needs to go. It’ll take a few years but that will have to be the standard.

For all the browsers on operating systems, the hardest target is Firefox on Windows. With Firefox on Mac OS X, you can do whatever you want. There’s nothing in the Mac operating system that will stop you.

Ali po domace, Windows in Chrome rule y0! :)

opeter ::

Potem pa Apple reklamira, kako ubervaren je njihov OS.
Hrabri mišek (od 2015 nova serija!) -> http://tinyurl.com/na7r54l
18. november 2011 - Umrl je Mark Hall, "oče" Hrabrega miška
RTVSLO: http://tinyurl.com/74r9n7j

denial ::

90% uporabnikov sploh ne pozna pomankljivosti svojega "omiljenega" sistema. Če jim to poveš, potem so užaljeni. Še več, prepričani so da je tvoje življensko poslanstvo pljuvanje čez njihov fetiš. Ignorance is bliss.
SELECT finger FROM hand WHERE id=3;


Vredno ogleda ...

TemaSporočilaOglediZadnje sporočilo
TemaSporočilaOglediZadnje sporočilo
»

Flash prihodnost spleta? (strani: 1 2 )

Oddelek: Novice / --Nerazporejeno--
5017849 (16188) root987
»

Heker zahteval pet dolarjev od lastnikov iPhonov

Oddelek: Novice / Apple iPhone/iPad/iPod
255847 (4375) XS!D3
»

Nov članek: "All your firmware are belong to us" (strani: 1 2 3 )

Oddelek: Novice / Nova vsebina
13815926 (12766) arrigo
»

Google izdal lasten brskalnik (strani: 1 2 3 4 5 6 7 8 )

Oddelek: Novice / Brskalniki
36039098 (21158) Tr0n
»

Tisti ki obvladate ang, plz help!

Oddelek: Šola
362493 (1935) Zeberdee

Več podobnih tem