Dailydave mailing list archives

Re: ASLR+DEP = no problem. :>

From: Sergio 'shadown' Alvarez <shadown () gmail com>
Date: Thu, 4 Feb 2010 21:58:42 +0100

Thierry,

With all respect, you should read the paper before throwing your
unfounded thoughts about something you don't even know about.

Why refer to respect when all you write afterwards is full of despise
and   arrogance   ?   Your   capability   to   read   my mind is still
lacking ;) , apparently you thought you know - What I read and
what I know. Sorry to inform you that you are wrong on both.


Yeah, probably my capability to read your mind is lacking because I'm  
not a mind reader, as well on the other hand your capability to  
analyze exploitation techniques is lacking because you are not an  
exploit coder (beyond XSS and SQL-Injection I mean). Unless you've  
learnt something in the last year and a half, but first you should  
need to read ASM which you didn't know either, that's why I've guess  
on your interpretation about the technique...just saying.

BTW: I don't know anybody that surpass you when it comes to unfounded  
superb arrogance. If you wanna make it an open discussion, fine with me.

now, after reading the paper let me know if it requires a 'fix' as  
you
said, or a re-design/engineering and re-implementation of the JIT
itself. ;)

Does not compute either. By "fix" I abviously assumed "redesign/ 
eginner"
the JIT. The point was that ASLR/DEP is not dead because of error in a
JIT.


Now a 'fix' also means 'redesign/engineer' something, something that  
is not even a bug.
Sweet!, I can't wait to read in the changelog: 'We fixed that  
something we had there that wasn't a bug' instead of saying: 'we  
redesign the JIT compiler in order to provide a better defense in  
depth'.

I have a question for you though: how do you 'fix' something that is  
not a flaw or a bug?
We are talking about a design being used for something unexpected. (I  
lie, it was meant to be executable code :P)

Cheers,
   sergio
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

ASLR+DEP = no problem. :> dave (Feb 03)
- Re: ASLR+DEP = no problem. :> Thierry Zoller (Feb 04)
  - Re: ASLR+DEP = no problem. :> Moshe Ben Abu (Feb 04)
    - Re: ASLR+DEP = no problem. :> dave (Feb 04)
    - Re: ASLR+DEP = no problem. :> Matthew Wollenweber (Feb 04)
  - Message not available
    - Re: ASLR+DEP = no problem. :> Thierry Zoller (Feb 04)
    - Re: ASLR+DEP = no problem. :> Alexander Sotirov (Feb 04)
    - Re: ASLR+DEP = no problem. :> Nate Lawson (Feb 05)
    - Re: ASLR+DEP = no problem. :> Larry Seltzer (Feb 05)
    - Re: ASLR+DEP = no problem. :> Michal Zalewski (Feb 05)
    - Re: ASLR+DEP = no problem. :> Sergio 'shadown' Alvarez (Feb 04)
    - Re: ASLR+DEP = no problem. :> pageexec (Feb 04)
    - Re: ASLR+DEP = no problem. :> Berend-Jan Wever (Feb 05)