Fuzzing for bugs yields poor results on offense. Too many other people looking with the same tools, long dev time. #youkillityoueatit
Replying to @dguido
George+Robert making the case for hunting reliable, arch-agnostic logic flaws. Revealing 1 logic flaw doesn't always disclose others.
Replying to @dguido
Talking from experience with pwn2own
#youkillityoueatit pic.twitter.com/1fZFKHpnov
Replying to @dguido
How do you find logic flaws? In a word, experience. Lots of vague advice: try threat modeling, identify trust boundaries, think really hard.
Replying to @dguido
This talk summarizes pretty well another reason why I won't use Android. Rich IPC enables trivial attacks between sandboxed apps.
Replying to @dguido
MWR is abusing a trick in Android Chrome to reflect Android IPC calls all over the place. Feels like exploiting XSS.
Replying to @dguido
Here's the Chrome feature that enabled MWR's Pwn2own exploit. It allows attacks where forms can POST local data back: https://groups.google.com/a/chromium.org/forum/m/#!topic/chromium-reviews/xEaI6q7lQdg
Replying to @dguido
and here's the fix from Chrome: https://bugs.chromium.org/p/chromium/issues/detail?id=659492
No prob, it was pretty great! Talks are always better when you tell a good story.