My thoughts on the difference between Chrome's approach to security and Edge's approach. https://medium.com/@justin.schuh/securing-browsers-through-isolation-versus-mitigation-15f0baced2c2#.snvaii5dh …
1. It feels like you are ignoring or underestimating the impact of the code signing mitigation
I feel I gave full credit, but I'm also dubious long term, as full ROP compilers are already a thing (e.g. on iOS).
Code signing mitigation seems to be aimed more against faulty well-meaning 3rd party code than malware.
Guessing, but Edge CF procs have some FS access, so a shorter ROP chain to load an attacker-controlled binary.
Plausible, although if you can already call LoadLibrary with your arguments, you can also do without it.
CIG and no child proc protect against this, can't load improperly signed attacker DLL/EXE
My point is if you already have a way to call CreateProcess or LoadLibrary, you can generally...
...execute arbitrary code without these as well, just less conveniently.
I think the point is to force the entire payload to ROP, and then figure out how to kill ROP.
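The exchange above turns on three Windows mitigations: Control Flow Guard, Code Integrity Guard (only Microsoft-signed images may be loaded) and blocking of child process creation. As an added example that is not part of the thread or of either browser's code, the following PowerShell queries and enforces those three policies for a process image via the built-in ProcessMitigations module (Windows 10 1709 or later, elevated prompt). The image name `example_renderer.exe` is a placeholder; substitute the sandboxed process you want to harden.

```powershell
# Added example, not from the thread. Requires Windows 10 1709+ and an elevated
# PowerShell session; the ProcessMitigations module ships with the OS.
# "example_renderer.exe" is a placeholder image name, not a real binary.
$image = "example_renderer.exe"

# Show what is already configured for this image in the registry
# (HKLM\...\Image File Execution Options), before changing anything.
Get-ProcessMitigation -Name $image

# Enforce the three mitigations discussed in the thread:
#   CFG                          - Control Flow Guard on indirect calls
#   MicrosoftSignedOnly          - Code Integrity Guard: refuse non-Microsoft-signed images
#   DisallowChildProcessCreation - no child processes, so no CreateProcess of a dropped EXE
Set-ProcessMitigation -Name $image -Enable CFG, MicrosoftSignedOnly, DisallowChildProcessCreation

# Re-read the configuration to confirm the policy took effect.
Get-ProcessMitigation -Name $image

# If an instance is already running, inspect the mitigations actually applied
# to that live process (the -Id parameter takes a process ID).
$running = Get-Process -Name ($image -replace '\.exe$', '') -ErrorAction SilentlyContinue |
    Select-Object -First 1
if ($running) {
    Get-ProcessMitigation -Id $running.Id
}
```

Note that the thread's point survives this configuration: CIG and the child-process policy stop the attacker from loading an unsigned DLL or spawning a dropped binary, but they do not stop code that already controls the instruction pointer from continuing in ROP. They raise the cost, which is why the reply talks about forcing the entire payload into ROP and then attacking ROP itself.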
2. CFG is NOT unproven on Windows. It is deployed to millions of machines and has a known impact on exploitation.
My take is that CFG/CFI is still getting hammered out, and it feels like it really needs complementary technologies.
That said, we are investing significantly in CFI, so I am positive on it over the long term. It's just early to call it.