What is a “good” memory corruption vulnerability? - scarybeast
http://googleprojectzero.blogspot.com/2015/06/what-is-good-memory-corruption.html

======
tptacek
Especially if you're not already "read in" on how modern exploits are
designed, this is a really, really excellent blog post.

------
tacoman
Reading vulnerability and exploit analysis is (and always will be) a hobby of
mine. Despite being someone who is fairly comfortable in a debugger, familiar
with x86 assembly and has spent 2 decades troubleshooting complex software in
large environments, the skill needed to pull off exploiting these
vulnerabilities is incredible. When you take into account the work required to
bypass somewhat recent developments like stack protection schemes, DEP, and
ASLR, building the software to exploit these memory corruption problems is
something you can spend your entire life failing at.

Sometimes, I have a hard enough time getting software to do what it's
legitimately supposed to do, never mind something it's NOT supposed to do!

As a side note, there are some folks that are pretty critical of Project
Zero. The argument is that Google should be using these brilliant resources on
creating defensive measures rather than playing whack-a-mole.

I don't know one way or the other, but I sure enjoy reading what they post on
that blog.

------
jtchang
It is kind of scary how good the attackers are getting at exploiting code.

It must take a considerable amount of work to get proficient in analyzing and
exploiting some of this code.

~~~
dinodaizovi
It definitely does take a considerable amount of work to get proficient to
that level and even more to develop the intuition of where to look. It must be
stated, however, that the authors of these blog posts are not attackers. They
are proactively finding and demonstrating where software already in common use
could be exploited by attackers.

Just like how research into cryptanalysis strengthens cryptography for
everybody, research into software vulnerabilities and exploitation strengthens
software security for everybody.