Re: [Dailydave] ASLR+DEP = no problem. :>

From: Sergio 'shadown' Alvarez (shadowngmail.com)
Date: Thu Feb 04 2010 - 14:58:42 CST


Thierry,

>> With all respect, you should read the paper before throwing your
>> unfounded thoughts about something you don't even know about.
> Why refer to respect when all you write afterwards is full of despise
> and arrogance? Your capability to read my mind is still
> lacking ;), apparently you thought you know - What I read and
> what I know. Sorry to inform you that you are wrong on both.

Yeah, probably my capability to read your mind is lacking because I'm
not a mind reader; on the other hand, your capability to
analyze exploitation techniques is lacking because you are not an
exploit coder (beyond XSS and SQL-Injection I mean). Unless you've
learnt something in the last year and a half, but first you would
need to read ASM, which you didn't know either; that's why I've guessed
at your interpretation of the technique...just saying.

BTW: I don't know anybody that surpasses you when it comes to unfounded
superb arrogance. If you wanna make it an open discussion, fine with me.

>> now, after reading the paper let me know if it requires a 'fix' as
>> you said, or a re-design/engineering and re-implementation of the JIT
>> itself. ;)
> Does not compute either. By "fix" I obviously assumed "redesign/engineer"
> the JIT. The point was that ASLR/DEP is not dead because of error in a
> JIT.

Now a 'fix' also means 'redesign/engineer' something, something that
is not even a bug.
Sweet! I can't wait to read in the changelog: 'We fixed that
something we had there that wasn't a bug' instead of saying: 'we
redesigned the JIT compiler in order to provide a better defense in
depth'.

I have a question for you though: how do you 'fix' something that is
not a flaw or a bug?
We are talking about a design being used for something unexpected. (I
lie, it was meant to be executable code :P)

Cheers,
   sergio
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave