6 comments

[ 3.7 ms ] story [ 22.8 ms ] thread
They're a joke (literally), of course, but the list of vulnerabilities here is pretty interesting.

Predictions:

* Serverside: Heartbleed

* Clientside: Geohot

* Privilege Escalation: evasi0n

* Most innovative: RPW's hardware memory corruption

* Epic fail: ISC2

* Epic ownage: MtGox

(comment deleted)
Hmm. I hadn't heard of the errata-driven memory corruption paper before: although interesting, it didn't seem terribly novel -- errata being used to adversely affect a machine have been around since the dawn of time.

My personal 'most innovative', I think, would go to the BROP paper. The other exploits are all interesting tricks on modern systems, but the BROP paper is the one that made my jaw really drop in terms of how much they could do with such little information...