My thoughts on the difference between Chrome's approach to security and Edge's approach. https://medium.com/@justin.schuh/securing-browsers-through-isolation-versus-mitigation-15f0baced2c2#.snvaii5dh …
1. It feels like you are ignoring or underestimating the impact of the code signing mitigation
2. CFG is NOT unproven on Windows. It is deployed to millions of machines and has a known impact on exploitation.
My take is that CFG/CFI is still getting hammered out, and it feels like it really needs complementary technologies.
I feel I gave full credit, but I'm also dubious long term, as full ROP compilers are already a thing (e.g. on iOS).
Code signing mitigation seems to be aimed more against faulty well-meaning 3rd party code than malware.