Mastodawn

Security conference talks fall into two categories
* we designed a distributed entropy siphon to perform a black-box hypervisor side channel escape and chain-load a persistent rootkit into the CPU cache
* we looked behind the sofa and found an entire industry of products/services that have made no attempt at security at all and are therefore vulnerable to the most basic issues that we've been finding in everything for the past 30 years, and no-one else had bothered to look.

Show thread

Sacha Ligthert 🇳🇱🇬🇧

@richardstephens This reminds me on how bugtraq in the late '90s/early '00s got their submissions:
1) Carefully probe commonly used to software to find some 3 bit glitch that allowed for a buffer overflow.
2) Download some random no-name FTP/HTTP server with 5 users world wide, inject 10 to 20 thousand lines in some command, cause a crash due to some overflow, write a post about it and conclude that its uncertain if its exploitable.

I do not miss the bugtraq mailinglist.