Overclock.net › Forums › Industry News › Software News › [MaxPC] Zero-day to Breach Chrome
New Posts  All Forums:Forum Nav:

[MaxPC] Zero-day to Breach Chrome - Page 4

post #31 of 36
Quote:
Originally Posted by Stealth Pyros View Post
Oh, so you want them to announce all the details publicly so that anyone on an easily hackable version of Chrome can be at risk?

That reminds me of how news stations release every bit of detail about a case in the search for a criminal. Cool, let them know that we're onto them and give them the perfect information they need to get away.
No. Where did I indicate anything like that? I'd like for them to instead of selling the information to governments for offensive/defensive purposes, to give it to Google for free.
Slow and Crappy
(13 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 960 Asus Rampage II Gene GTX480 6x 2GB Mushkin Redline 
Hard DriveOSPowerCase
OCZ Vertex 3 MaxIOPS 120GB / 2x WD RE4 2TB RAID 1 Windows 7 Ultimate 64-bit SP1 Corsair TX850 V2 Lian-Li PC-A04B 
  hide details  
Reply
Slow and Crappy
(13 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 960 Asus Rampage II Gene GTX480 6x 2GB Mushkin Redline 
Hard DriveOSPowerCase
OCZ Vertex 3 MaxIOPS 120GB / 2x WD RE4 2TB RAID 1 Windows 7 Ultimate 64-bit SP1 Corsair TX850 V2 Lian-Li PC-A04B 
  hide details  
Reply
post #32 of 36
First, it's irresponsible and dangerous for this group to share vulnerability information with governments, and not with the vendor (Google).

Second, virtual machine escape can be mitigated with proper security measures. Unfortunately, as far as I know, the technology to do so simply doesn't exist for Windows. For instance, KVM on Linux uses dynamic SELinux security contexts to prevent virtual machines from accessing the host system or other VMs; even if something broke out of the virtual machine using a bug in KVM, it would simply find itself in a SELinux cage, unable to do anything.
Underground
(14 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 920 C0 ASUS P6T6 WS Revolution GTX 460 TR3X6G1600C8D 
Hard DriveOptical DriveCoolingOS
WD1001FALS SAMSUNG SH-S223F 22X DVD MULTI Corsair H50 Fedora 16 KDE x86_64 
MonitorKeyboardPowerCase
HP w19b Microsoft Comfort Curve Corsair CX600 Thermaltake Armor VA8003BWS 
MouseMouse Pad
Razer DeathAdder Black 
  hide details  
Reply
Underground
(14 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 920 C0 ASUS P6T6 WS Revolution GTX 460 TR3X6G1600C8D 
Hard DriveOptical DriveCoolingOS
WD1001FALS SAMSUNG SH-S223F 22X DVD MULTI Corsair H50 Fedora 16 KDE x86_64 
MonitorKeyboardPowerCase
HP w19b Microsoft Comfort Curve Corsair CX600 Thermaltake Armor VA8003BWS 
MouseMouse Pad
Razer DeathAdder Black 
  hide details  
Reply
post #33 of 36
Quote:
Originally Posted by error10 View Post
First, it's irresponsible and dangerous for this group to share vulnerability information with governments, and not with the vendor (Google).
Yes, it is perpetuating the existence of the exploit to make money.

No different than a malicious person doing the same.
    
CPUMotherboardGraphicsRAM
Phenom II X3 720 @ 3.5 (1.39v) Gigabyte GA-MA790XT-UD4P ASUS 5850 @ 880/1180 (1.118v) 4gb 1333mhz G.Skill DDR3 
Hard DriveHard DriveHard DriveHard Drive
64gb Crucial M4 SSD 3x 250gb WD2500JD - RAID0 1tb WD1001FALS 1tb WD10EARS 
Optical DriveCoolingOSMonitor
Pioneer DLDVD/CDRW Arctic Freezer Pro 64 Win 7 64bit Ultimate E2305 LG 23" LED 
KeyboardPowerCaseMouse
Filco Majestouch II Ninja Tenkeyless Fortron BlueStorm II 500w CM 690II Advanced Razer DeathAdder 
Mouse PadAudioAudio
generic Echo Miamidi PCI M-Audio BX5a Studio Monitors 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
Phenom II X3 720 @ 3.5 (1.39v) Gigabyte GA-MA790XT-UD4P ASUS 5850 @ 880/1180 (1.118v) 4gb 1333mhz G.Skill DDR3 
Hard DriveHard DriveHard DriveHard Drive
64gb Crucial M4 SSD 3x 250gb WD2500JD - RAID0 1tb WD1001FALS 1tb WD10EARS 
Optical DriveCoolingOSMonitor
Pioneer DLDVD/CDRW Arctic Freezer Pro 64 Win 7 64bit Ultimate E2305 LG 23" LED 
KeyboardPowerCaseMouse
Filco Majestouch II Ninja Tenkeyless Fortron BlueStorm II 500w CM 690II Advanced Razer DeathAdder 
Mouse PadAudioAudio
generic Echo Miamidi PCI M-Audio BX5a Studio Monitors 
  hide details  
Reply
post #34 of 36
Quote:
Originally Posted by timAHH View Post
No. Where did I indicate anything like that? I'd like for them to instead of selling the information to governments for offensive/defensive purposes, to give it to Google for free.
Sorry, I read what you had quoted out of context. I thought your quote was referring to Google only sharing the details of its security breech to the governments (so that they are aware of it for their own systems in places such as schools and whatnot) not the company that was able to hack Chrome.
Gaming Rig
(20 items)
 
  
CPUMotherboardGraphicsRAM
Intel 2500k, 4.6GHz, 1.304v ASRock P67 Extreme4 Gen3 2x Sapphire HD7970 OC with Boost, 1150 MHz/1550... 2x4GB DDR3 1600 Corsair Vengeance 
Hard DriveHard DriveHard DriveOptical Drive
Samsung 840 Pro Samsung 750GB HD753LJ Samsung F3 ASUS 24X DVD Combo Drive 
CoolingOSMonitorKeyboard
Noctua DH14 Windows 8 Professional x64 Crossover 27Q 27" IPS LED, 2560x1440 Logitech G11 
PowerCaseMouseMouse Pad
Corsair TX750 Cooler Master HAF932 Logitech G500 Custom 
AudioAudioAudioAudio
Creative X-Fi Titanium Fatal1ty 2x Dayton B652 Bookshelf Dayton DTA-100A Amplifier Dayton 12" SUB-1200 Subwoofer 
  hide details  
Reply
Gaming Rig
(20 items)
 
  
CPUMotherboardGraphicsRAM
Intel 2500k, 4.6GHz, 1.304v ASRock P67 Extreme4 Gen3 2x Sapphire HD7970 OC with Boost, 1150 MHz/1550... 2x4GB DDR3 1600 Corsair Vengeance 
Hard DriveHard DriveHard DriveOptical Drive
Samsung 840 Pro Samsung 750GB HD753LJ Samsung F3 ASUS 24X DVD Combo Drive 
CoolingOSMonitorKeyboard
Noctua DH14 Windows 8 Professional x64 Crossover 27Q 27" IPS LED, 2560x1440 Logitech G11 
PowerCaseMouseMouse Pad
Corsair TX750 Cooler Master HAF932 Logitech G500 Custom 
AudioAudioAudioAudio
Creative X-Fi Titanium Fatal1ty 2x Dayton B652 Bookshelf Dayton DTA-100A Amplifier Dayton 12" SUB-1200 Subwoofer 
  hide details  
Reply
post #35 of 36
Quote:
Originally Posted by _02 View Post
Yes, it is perpetuating the existence of the exploit to make money.

No different than a malicious person doing the same.
Which seems to be pretty common now-a-days. As the HB Gary leaked emails showed that hacking for corporations and governments is extremely profitable and apparently legal.
post #36 of 36
Quote:
Originally Posted by chemicalfan View Post
Seconded - I don't see how a virus could move itself from a VM guest to host system (especially if they're different operating systems)
Very easily! There have been numerous exploits over the years for VMWare. Different operating systems makes no difference either. If the guest is Windows and the Host is Linux, I just write an exploit for Windows that writes Linux binary to the Host.

http://www.blackhat.com/presentation...urst-PAPER.pdf
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Software News
Overclock.net › Forums › Industry News › Software News › [MaxPC] Zero-day to Breach Chrome