Dailydave mailing list archives
Bring a question, and sunblock.
From: Dave Aitel <dave.aitel () gmail com>
Date: Mon, 14 Jan 2019 14:26:16 -0500
https://twitter.com/daveaitel/status/1084837761796980736 Project Zero released about five different bugs today in Windows: https://bugs.chromium.org/p/project-zero/issues/detail?id=1683 This is my favorite bit: """ *Ultimately I warned you after cases 36544 and 37954 that you should be fixing the root cause of normal user’s being able to use the Session Moniker not playing whack-a-mole with COM objects. Of course you didn’t listen then and no doubt you’ll just try and fix browser broker and be done with it.* """ The thing about underlying frameworks, and none is more FUNdamental than COM, is that they are extremely difficult to fix, and the bugs are far reaching and typically quite reliable. Anyways, here's my suggestion when you attend a conference like INFILTRATE: Come with a question for a speaker. The thing with smaller conferences is you can literally sit down at the dinner table with James Forshaw and ask him detailed questions about his process or how he sees the future of security with COM working out, or where he didn't bother to look or what bugs are easy or hard to find. Pick any INFILTRATE speaker, and PREPARE a question about their research. -dave
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Bring a question, and sunblock. Dave Aitel (Jan 14)