My thoughts on the difference between Chrome's approach to security and Edge's approach.https://medium.com/@justin.schuh/securing-browsers-through-isolation-versus-mitigation-15f0baced2c2#.snvaii5dh …
-
-
Replying to @justinschuh
Includes a callout to
@dguido and@dotMudge, along with a thanks to@parityzero for proofing.2 replies 0 retweets 2 likes -
Replying to @justinschuh @parityzero
Thanks for the note! Really impressive turnaround time for such a detailed blog post. However, I have 2 issues...
1 reply 0 retweets 0 likes -
1. It feels like you are ignoring or underestimating the impact of the code signing mitigation
2 replies 0 retweets 0 likes -
2. CFG is NOT unproven on Windows. It is deployed to millions of machines and has a known impact on exploitation.
1 reply 0 retweets 0 likes -
Replying to @dguido @parityzero
My take is that CFG/CFI is still getting hammered out, and it feels like it really needs complementary technologies.
3 replies 0 retweets 0 likes
to be fair, we're fighting a war of inches here. Only pros were left writing Chrome/Edge browser exploits anyway.
-
-
Replying to @dguido @parityzero
And that's actually an amazing compliment to get.
0 replies 0 retweets 0 likesThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.