#DailyBug #GoogleChrome blink Serializer::doSerialize bad cast
Bad casts are the new use-after-free. http://blog.skylined.nl/20161111001.html …
Replying to @berendjanwever
has @XI_Research EIP/RSP program ever responded? It seems like iDefense and ZDI are the go-to guys
Replying to @p3t3_r3c0n
Yes, I have a good relation with @XI_Research. Unfortunately, they want bugs where exploitation is proven, e.g. you have PoC code
Replying to @berendjanwever @XI_Research
oh ok so they are somewhere between @thezdi (show exploitable crash) and @Zerodium (provide full exploit)?
Replying to @p3t3_r3c0n @XI_Research and
AFAICT yes. I'm guessing their customers are also in between, which is a bit of a problem for me
Replying to @berendjanwever @p3t3_r3c0n and
...as I want to be sure I don't provide anyone with 0-day for active use against third parties.
Replying to @berendjanwever @p3t3_r3c0n and
...which is hard (if not impossible) to guarantee in many cases.
Replying to @berendjanwever @p3t3_r3c0n and
e.g. @SecuriTeam_SSD is interesting, but hard to prove who gets the information and how it's used
Replying to @berendjanwever @XI_Research and
oh, I didn't even know about @SecuriTeam_SSD. If you knew 0days were going to LE, would u sell?
Replying to @p3t3_r3c0n
No: I won't hand anyone a weapon and hope for the best. I will only help if I know the target and agree it's fair to attack.
and I certainly won't shoot myself in the foot by helping agencies that target effectively everyone (especially non-US like me).