[Dailydave] "Seeing is believing"
Dave Aitel
dave at immunityinc.com
Tue Mar 19 11:23:03 EDT 2013
So a while back I asked what the point of PWN2OWN was, and Mark Dowd
said that of course many people have never SEEN a modern exploit, and
hence it has some strategic value. I think for Google it's also useful
to see what new bugclasses exist in their products that people have not
otherwise publicly told them about, as well. The main bugclass is being
arrogant enough to believe they can write something memory safe in C++,
but we'll get to that later. :>
In any case, Linux's kernel is also written in C (and asm!). And we've
updated our PTRACE exploit in CANVAS Early Updates so now it works on
hard iron, vm's, basically everything Linux because updating Linux is
painfully hard. CANVAS Early Updates is not expensive - ya'll should
subscribe.
-dave
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: OpenPGP digital signature
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20130319/ede8b5a4/attachment.sig>
More information about the Dailydave
mailing list