Fuzzing for bugs yields poor results on offense. Too many other people looking with same tools, long dev time. #youkillityoueatit
-
-
This talk summarizes pretty well another reason why I won't use Android. Rich IPC enables trivial attacks between sandboxed apps.
-
MWR is abusing a trick in Android Chrome to reflect Android IPC calls all over the place. Feels like exploiting XSS.
-
Here's the Chrome feature that enabled MWR's Pwn2own exploit. It allows attacks where forms can POST local data backhttps://groups.google.com/a/chromium.org/forum/m/#!topic/chromium-reviews/xEaI6q7lQdg …
-
and here's the fix from Chrome https://bugs.chromium.org/p/chromium/issues/detail?id=659492 …
-
Thanks for covering our talk.
#youkillityoueatit -
No prob, it was pretty great! Talks are always better when you tell a good story.
End of conversation
New conversation -
-
-
I'm consistently impressed at how quickly and thoroughly experts in non-security things can tell you how to break their things.
-
A good example: work with a professional java developer when exploiting a java app and they'll cut your dev time in half.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.