A Tale of Two Pwnies (Part 1)

253 points by tkazec about 13 years ago

11 comments

tptacek about 13 years ago
What's amazing about this bug is that at every step you learn something that makes Pinkie Pie more terrifying while simultaneously making the Chrome security model sound more and more forbidding.
pilif about 13 years ago
In the end it all boiled down to old-style plugins. All the exploits were used to finally install and run an old-style NPAPI plugin.

Just like ActiveX, these are binary code that usually runs outside of any sandboxing due to compatibility reasons.

With NaCl or just the advances in HTML and related technologies, this kind of plugin really should have outlived its usefulness by now and maybe it's time to drop support - at least support for all plugins but a few whitelisted ones from the older ages.

Like Flash and maybe QuickTime (though both have a terrible security track record).

Though considering the persistence of piling up bugs that was happening here, for all we know, there would have been a different exploit somewhere else that could have worked even without NPAPI. It would just close one more attack surface.
picklefish about 13 years ago
I'd love to see a writeup from Pinkie Pie on the steps and tools he used to find these bugs. Reversing write-ups are always entertaining to read.
Jun8 about 13 years ago
So for about $120K+ they had more than 16 significant bugs discovered in Chromium. That's really cheap!
mark-r about 13 years ago
If you don't have a young girl you might not appreciate the link between "Pinkie Pie" and "Pwnie": http://mlp.wikia.com/wiki/Pinkie_Pie
moistgorilla about 13 years ago
This really takes you into the mind of a hacker (the malicious kind). Judging from what I saw it seems they combine a ton of small exploits to produce a major security breach. The amount of understanding of the underlying system you need to have in order to put these exploits together is mind boggling.

What do we do against people like this?
cnbeuiwx about 13 years ago
This is a real hacker. I wish I had this kind of passion and intelligence myself. :)
jorgem about 13 years ago
So crazy. I wonder how long it took to come up with that attack? There must have been a ton of dead ends along the way.
jtchang about 13 years ago
It is scary that once you have a foothold it just becomes a matter of time until someone figures out how to use it to piggyback on to more unrestricted space.
thereason about 13 years ago
"a low level interface to the GPU command buffer"

This sounds cool. Is this a standard feature in Chrome?
tobyjsullivan about 13 years ago
Just... sick! Wow. Speechless.