alexsotirov
-
@ You'd get a lot less angry tweets if the name of the standard makes it clear that it regulates vendors and not researchers
about 15 hours ago
from Tweetie
in reply to k8em0
-
@ Of course, there's nothing wrong with standardizing the basic response process and bringing other industries up to the MSRC level.
about 16 hours ago
from web
in reply to k8em0
-
@ I find the title insulting; it implies that other types of disclosure are irresponsible. Do value judgements belong in ISO standards?
about 16 hours ago
from web
in reply to k8em0
-
@ I really doubt that the ISO standard will be any less one-sided and less insulting to researchers than OIS was. Prove me wrong.
about 19 hours ago
from web
in reply to k8em0
-
Me: hi! Girl: hi, I'm a Playboy model. Me: WTF do I say to that?
11:15 PM Nov 13th
from Tweetie
-
I could use NtAddAtom, but I am not sure adding thousands of random atoms is safe if you want to keep the process running after exploitation
4:40 PM Nov 13th
from web
-
156 bytes: resolve IsBadReadPtr, search for a 16-byte egg, copy the shellcode following the egg to a RWX page and execute it
4:20 PM Nov 13th
from web
-
@ I wonder what they mean by "more aggressive ASLR". If the compiler DLLs have /dynamicbase:no, they shouldn't be rebased, no?
12:11 PM Nov 13th
from web
in reply to halvarflake
-
@ Yeah, the egghunter will have to be pretty big. But that's the only way to make it both reliable and portable.
8:47 AM Nov 13th
from web
in reply to nicowaisman
-
@ The NtDisplayString syscall number is not constant across OS's, NtAddAtom has side effects. IsBadReadPtr is the best egghunter option.
8:13 AM Nov 13th
from web
in reply to dm557
-
If you read Schneier you're already familiar with all these arguments, but this essay summarizes his ideas very well:
8:07 AM Nov 13th
from web
-
Pro tip: to fix broken drag and drop in Fusion 3, completely remove the old VMware Tools and reinstall instead of doing an upgrade.
10:27 PM Nov 12th
from web
-
I forgot that you can't have SEH handlers outside of image sections on Vista and now I have to rewrite my egghunter :-(
10:19 PM Nov 12th
from web
-
Is Georgi Guninski coming out of retirement? Here's a Mozilla bug he found recently:
2:35 PM Nov 12th
from web
-
@ No, I work in complete silence.
2:20 PM Nov 12th
from web
in reply to drraid
-
@ I agree that LLVM is a much better compiler system, but their FAQ said it was too large and slow for their needs.
2:02 PM Nov 11th
from web
in reply to postmodern_mod3
-
@ I think the runtime is in C, the compiler is a GCC frontend
1:35 PM Nov 11th
from web
in reply to drraid
-
Is full disclosure so bad? The recent flaw in SSL was disclosed before the coordinated patch release was ready and yet the sky didn't fall.
10:54 PM Nov 10th
from web
-
The design of Google's new language solves many of the problems of C and C++. Let's hope it's more successful than Plan9:
10:16 PM Nov 10th
from web
-
@ We need to co-opt the PETA campaign against the senseless slaughter of sheep:
4:13 PM Nov 10th
from web
in reply to dinodaizovi
- Name Alexander Sotirov
- Location New York, NY
- Web http://www.phreed...
- Bio The term "security researcher" makes hacking sound respectable, but it's still the same thing.