[Dailydave] Reminder: I attend painful meetings so you don't have to

Fri Dec 11 12:45:06 EST 2015

Andrew,

CFG does not protect against valid path computing invalid data, aka,
data-only attacks.  I believe that is what Sergey meant, but copying him to
grow the discussion ;)

regards,
On Dec 11, 2015 6:40 AM, "Andrew" <munin at mimisbrunnr.net> wrote:

> > Dr. Sergey Bratus did an excellent job of looking at how there is NO
> WAY TO DEFINE THE STANDARD EXECUTION PATH OF A PROGRAM.
>
> Really?
>
> What about the information that Control Flow Guard generates? Then
> there's a map of "for each indirect branch, these are the allowable
> targets of that indirect branch." It seems that any control flow
> integrity system builds and describes some approximation of the
> "standard execution paths of a program" by design.
>
> Of course even if you get "execution path" right it doesn't even capture
> stuff like side channels, which I guess is what Bratus is talking about
> when he says "Advanced exploitation is rapidly becoming synonymous with
> the system operating exactly as designed — and yet getting manipulated
> by attackers" although I don't know if "attacks from the 70s" are really
> "advanced" ...
>
> On 12/09/2015 02:30 PM, Dave Aitel wrote:
> >
> http://cybersecpolitics.blogspot.com/2015/12/the-force-awakens-dec-8-wassenaar.html
> >
> > You should read that probably. Basically everyone on this list is
> > effected by those issues.
> >
> > -dave
> >
> >
> >
> >
> > _______________________________________________
> > Dailydave mailing list
> > Dailydave at lists.immunityinc.com
> > https://lists.immunityinc.com/mailman/listinfo/dailydave
> >
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com
> https://lists.immunityinc.com/mailman/listinfo/dailydave
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20151211/c42802d3/attachment.html>