Interesting thought

French firm Vupen has hacked Chrome v11.0.696.65 running on Windows 7 Service Pack 1, bypassing the sandbox, address space layout randomization (ASLR) and data execution prevention (DEP).

They released the details on their blog and the CNET Story is here.

Aside from how they released the exploit as a lovely video - which is cutting-edge cool - what is quite interesting is that they haven’t given the exploit details to Google. There’s no sign of that, in fact. Rather, they say this:

Vupen … said it would not publicly disclose the exploit code or technical details of the vulnerabilities but will share them with its government customers as part of its vulnerability research services.

So they are making money off their own customer base for the research. Imagine if the security community started a trend for closed research, that is to say, not giving the research to vendors for free but rather selling the info to governments and other customers privately.

What a change in the landscape that would be.

Posted by Carlton Duston on 10 May 2011 | 0 comments
Tagged with News, Opinion, None