
Attacking Chrome IPC [video] - DyslexicAtheist
https://media.ccc.de/v/35c3-9579-attacking_chrome_ipc
======
nly
Great talk. Imho, the most interesting aspect is Ned's emphasis on the length
and intensity of the work, and his own attitude toward learning. Over a year
of studying and hammering on the sandbox before a win presented itself.

A lot of people seem to be kept out of the field by the notion that finding
these vulnerabilities can only be the result of some kind of genius.

~~~
dane-pgp
Yes, his story and his humility are inspiring, but I think there is a bit of
survivorship bias in drawing conclusions from a talk like this, or from one
person's experience.

For example, I can't imagine someone being accepted to give a talk at a
security conference about how they tried for 2 years to learn C++ to find a
vulnerability in Chrome, but failed to even get as far as understanding enough
to change a line of code.

------
superwayne
This is a great talk and has some useful insight about how he got into
fuzzing. I liked the part where he kind of demystified himself by making the
argument that one doesn't have to be smart to do this kind of work but just
has to invest a lot of time. It's a pity that the title doesn't reflect better
on the actual focus of the talk.

