<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<a class="moz-txt-link-freetext" href="https://vimeo.com/121925542">https://vimeo.com/121925542</a> - The RomPager bug done up for CANVAS
Users!<br>
<br>
I want to point out always that only writing the exploit gets you
the ground truth about bugs. Until you have done that, it is all
insinuations and rumors. Sometimes only USING the exploit in the
wild tells you if it will really work. That's why hackers are always
like "This worked in the wild". That's a real thing. It's not
boasting so much as just <i>the most useful kind of information</i>.
The lab Windows domain setup is not at all the same as random box
out there running so much crapware that nearly every part of it has
been replaced, like the guy in the new Robocop movie who has to
rediscover his humanity in some sort of twisted allegory about the
USA discovering its own humanity in an age of intelligence driven
drone-war.<br>
<br>
You know how with fortune cookies it's typical to add "in bed" to
the end of the fortune? With security products it's normal to add
"Except when it doesn't" to the end of all their claims. IPS
protects you from network attacks? Except when it doesn't. AV blocks
malicious 0days using advanced heuristics? Except when it doesn't.
And so on. :)<br>
<br>
Figuring out that edge case can only be done with not just with an
"offensive mindset" - but in general, by actually doing the
offensive work so many people think is beneath them.<br>
<br>
-dave<br>
(P.S. Coming to INFILTRATE is a good idea.)<br>
</body>
</html>