|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Charles Miller (cmiller
securityevaluators.com)
Date: Tue Aug 26 2008 - 15:56:54 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I feel a little uneasy about Microsoft declaring how exploitable
vulnerabilities are... That's a job I wouldn't want. Plus, if the
only people who can make a particular exploit reliable are Kostya and
Alex, does that count as reliable or somewhat reliable?
Charlie
On Aug 26, 2008, at 2:21 PM, Dave Aitel wrote:
> There's probably a few BlackHat talks you didn't bother to read, and
> I wanted to highlight a couple:
> 1.
> Alex Ionescuhttps://www.blackhat.com/presentations/bh-usa-08/Ionescu/BH_US_08_Ionescu_Pointers_and_Handles.pdf
>
>
> The bugs themselves are local DoS's (bluescreens) and Admin->Ring0
> jumps, but the methodology he used to find the bugs, and the
> win32k.sys internals he discusses while explaining them are
> interesting. I quickly wrote one of them up for CANVAS Early
> Updates, since you never know when Blue Screening some box might
> come in handy.
>
>
> 2.
> Secure the Planet! New Strategic Initiatives from Microsoft to Rock
> Your World Mike Reavey, Steve Adegbite, Katie Moussourishttps://www.blackhat.com/presentations/bh-usa-08/Reavey/MSRC.pdf
>
> Obviously my favorite part is the slide with CANVAS. :> But I think
> it's interesting that Microsoft is doing this stuff and I don't
> think people have asked them the hard questions about it yet. Also,
> those are quite cool caricatures .
>
> Recently Immunity's been tasked with something that requires the
> development of a secure MSRPC application in unmanaged C++. When you
> start trying to build something like this, you realize just how hard
> it is for normal developers. Where web developers have thousands of
> gadgets, papers, recipies, techniques, API's, and "how-tos", there
> really isn't anything great on building a secure MSRPC application.
> So while it's true that Microsoft is making the fastest strides in
> security, it's also true they have the longest to go.
>
> -dave
> _______________________________________________
> Dailydave mailing list
> Dailydavelists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]