[Dailydave] Bring a question, and sunblock.

Dave Aitel dave.aitel at gmail.com
Mon Jan 14 19:26:16 UTC 2019


https://twitter.com/daveaitel/status/1084837761796980736

Project Zero released about five different bugs today in Windows:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1683

This is my favorite bit:
"""
*Ultimately I warned you after cases 36544 and 37954 that you should be
fixing the root cause of normal user’s being able to use the Session
Moniker not playing whack-a-mole with COM objects. Of course you didn’t
listen then and no doubt you’ll just try and fix browser broker and be done
with it.*
"""

The thing about underlying frameworks, and none is more FUNdamental than
COM, is that they are extremely difficult to fix, and the bugs are far
reaching and typically quite reliable.

Anyways, here's my suggestion when you attend a conference like INFILTRATE:
Come with a question for a speaker. The thing with smaller conferences is
you can literally sit down at the dinner table with James Forshaw and ask
him detailed questions about his process or how he sees the future of
security with COM working out, or where he didn't bother to look or what
bugs are easy or hard to find. Pick any INFILTRATE speaker, and PREPARE a
question about their research.

-dave