Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: newest category of security bugs considered elite ?
From: Marsh Ray <marsh () extendedsubset com>
Date: Tue, 04 May 2010 14:55:19 -0500

On 5/1/2010 1:23 PM, Georgi Guninski wrote:
ok, we had a flame.

what is the newest category of sekurity bugz that is considered elite?

I had to think about this a few days.

My nomination for 'most leet' is the exploitation of hardware on the die
of the chip:

“Tarnovsky’s examination process involved subtle use of hardware-based
liquid chemical and gas technologies in a lab setting to probe with
specialized needles to build tungsten bridges.”

http://blackhat.com/html/bh-dc-10/bh-dc-10-speaker_bios.html#Tarnovsky

http://www.computerworld.com/s/article/9151158/Black_Hat_Researcher_claims_hack_of_chip_used_to_secure_computers_smartcards

Hardware hacking is a magnificent example of something everyone has
always known was possible and largely pretended didn't exist.

basically, int. over., BO are generally considered elite yet barely new.
XSS probably is not elite by 3l33t majority opinion.

i was looking in the past and my heart was not beating fast ;-)

Runner up is the category of research enabled by USRP:
http://www.ettus.com/products

Particularly the GSM rainbowing and OpenBTS efforts:
http://reflextor.com/trac/a51
http://events.ccc.de/congress/2009/Fahrplan/events/3654.en.html
http://www.theregister.co.uk/2009/12/28/gsm_eavesdropping_breakthrough/
http://openbts.sourceforge.net/

You asked about 'sekurity bugz'. Not sure if these are the bugz you are
looking for, :-) but its an answer to some question.

- Marsh

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault