Create an Account
username: password:
 
  MemeStreams Logo

Dowd’s Inhuman Flash Exploit

search

ubernoir
Picture of ubernoir
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

ubernoir's topics
Arts
  Literature
   Fiction
   Sci-Fi/Fantasy Literature
Business
Games
Health and Wellness
Home and Garden
Miscellaneous
Current Events
Recreation
Local Information
  Events in Washington D.C.
Science
  Astronomy
  Space
Society
  International Relations
  History
Sports
  Football
Technology
  Computers

support us

Get MemeStreams Stuff!


 
Dowd’s Inhuman Flash Exploit
Topic: Miscellaneous 9:08 am EDT, Apr 19, 2008

The evidence is now overwhelming that Mark Dowd was, in fact, sent back through time to kill the mother of the person who will grow up to challenge SkyNet. Please direct your attention to Dowd’s 25-page bombshell on a Flash bytecode attack.

Some context. Reliable Flash vulnerabilities are catastrophes. In 2008, we have lots of different browsers. We have different versions of the OS, and we have Mac users. But we’ve only got one Flash vendor, and everyone has Flash installed. Why do you care about Flash exploits? Because in the field, any one of them wins a commanding majority of browser installs for an attacker. It is the Cyberdyne Systems Model 101 of clientsides.

So that’s pretty bad-ass. But that’s not why the fate of humanity demands that we hunt down Dowd and dissolve him in molten steel.

Look at the details of this attack. It’s a weaponized NULL pointer attack that desynchronizes a bytecode verifier to slip malicious ActionScript bytecode into the Flash runtime. If you’re not an exploit writer, think of it this way: you know that crazy version of Super Mario Brothers that Japan refused to ship to the US markets because they thought the difficulty would upset and provoke us? This is the exploit equivalent of that guy who played the perfect game of it on YouTube.

Big upz and mad Respekt for Mark Dowd.

Dowd’s Inhuman Flash Exploit



 
 
Powered By Industrial Memetics
RSS2.0