Dailydave mailing list archives
Re: Reminder: I attend painful meetings so you don't have to
From: Rodrigo Branco <rodrigo () kernelhacking com>
Date: Fri, 11 Dec 2015 09:45:06 -0800
Andrew, CFG does not protect against valid path computing invalid data, aka, data-only attacks. I believe that is what Sergey meant, but copying him to grow the discussion ;) regards, On Dec 11, 2015 6:40 AM, "Andrew" <munin () mimisbrunnr net> wrote:
Dr. Sergey Bratus did an excellent job of looking at how there is NOWAY TO DEFINE THE STANDARD EXECUTION PATH OF A PROGRAM. Really? What about the information that Control Flow Guard generates? Then there's a map of "for each indirect branch, these are the allowable targets of that indirect branch." It seems that any control flow integrity system builds and describes some approximation of the "standard execution paths of a program" by design. Of course even if you get "execution path" right it doesn't even capture stuff like side channels, which I guess is what Bratus is talking about when he says "Advanced exploitation is rapidly becoming synonymous with the system operating exactly as designed — and yet getting manipulated by attackers" although I don't know if "attacks from the 70s" are really "advanced" ... On 12/09/2015 02:30 PM, Dave Aitel wrote:http://cybersecpolitics.blogspot.com/2015/12/the-force-awakens-dec-8-wassenaar.htmlYou should read that probably. Basically everyone on this list is effected by those issues. -dave _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Reminder: I attend painful meetings so you don't have to Dave Aitel (Dec 09)
- Re: Reminder: I attend painful meetings so you don't have to Arrigo Triulzi (Dec 11)
- Re: Reminder: I attend painful meetings so you don't have to Andrew (Dec 11)
- Re: Reminder: I attend painful meetings so you don't have to Rodrigo Branco (Dec 18)
- Re: Reminder: I attend painful meetings so you don't have to Andrew (Dec 18)
- Re: Reminder: I attend painful meetings so you don't have to dan (Dec 20)
- Re: Reminder: I attend painful meetings so you don't have to Chris Rohlf (Dec 21)
- Re: Reminder: I attend painful meetings so you don't have to James Gannon (Dec 21)
- Re: Reminder: I attend painful meetings so you don't have to Mara Tam (Dec 21)
- Re: Reminder: I attend painful meetings so you don't have to Rodrigo Branco (Dec 18)