So a while back I asked what the point of PWN2OWN was, and Mark Dowd said that of course many people have never SEEN a modern exploit, and hence it has some strategic value. I think for Google it's also useful to see what new bugclasses exist in their products that people have not otherwise publicly told them about, as well. The main bugclass is being arrogant enough to believe they can write something memory safe in C++, but we'll get to that later. :>
In any case, Linux's kernel is also written in C (and asm!). And we've updated our PTRACE exploit in CANVAS Early Updates so now it works on hard iron, vm's, basically everything Linux because updating Linux is painfully hard. CANVAS Early Updates is not expensive - ya'll should subscribe. -dave
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dailydave mailing list Dailydave@lists.immunityinc.com https://lists.immunityinc.com/mailman/listinfo/dailydave