back to article Mystery Chrome 0-day exploit to be unveiled in India on Saturday

A Georgian security researcher is due to present details of an unpatched vulnerability in Google's Chrome browser at the Malcon security conference in India over the weekend. Years ago the circumstances of Ucha Gobejishvili's presentation would hardly have raised an eyebrow but that was before Google began offering up to $60,000 …

COMMENTS

This topic is closed for new posts.
Pint

DLL?

Does this mean it's Windoze only?

4
6
Anonymous Coward

Yawn

"Does this mean it's Windoze only?"

No. But it may mean that it's Windows only.

There's only one thing more tiresome than Windows and that's 'Windoze' (or your preferred tedious variant of choice).

8
5
Gold badge
Facepalm

Re: DLL?

Depends whether that's DLL as in ".dll" in which case it may be, or DLL as in the generic term "Dynamically Linked Library" in which case it quite probably isn't.

While all ".dll"s in Windows should be DLLs, not all DLLs out in the world have ".dll" appended to the name.

0
0
Anonymous Coward

Re: Yawn

See also: Farcebook, Micro$oft, Crapple, sheeple etc. etc.

Ha-ha, ha, ha, i see what you did there, you are "hilarious" and original.

0
0
JDX
Gold badge

a demo of the first Windows Mobile 8 malware

Skype?

(I don't agree but figured it would get a giggle)

2
1
Gold badge
Happy

Re: a demo of the first Windows Mobile 8 malware

Don't knock it. Now they've got the irrelevance of the 8 version sorted out, the Skype devs have been freed up to do other things.

New version for Android shipped and actually works[1]. Yippee.

[1] That's "works" as in doesn't go titsup.com rather than connect if you flip tails rather than heads, has video that actually moves and can be used with the device's internal mic without the other end needing the volume wound up past 11.

0
0
Anonymous Coward

penetration tester?

Thought this was a Bootnotes story for a minute

0
1
Anonymous Coward

Youthfulness

I'm not surprised at the callowness of some of the high profile conference participants - it all means so much more when you are in your teens and there are more spare hours where for your own sanity you need to keep your brain distracted from the contents of your trousers.

In my day it was Prestel or the school EcoNet but I'm sure the fundamentals are not too different.

And they won't be wowed & distracted by four colour digital images of Midge Ure at Live Aid.

0
0
Anonymous Coward

Most of the "exploits" this researcher has found aren't exploits. The only reason he is even newsworthy at the moment is because he claims to have an exploit (very likely he doesn't going by his track record) but doesn't want to sell it or get a reward for it.

The Firefox 13 "remote DoS" he came up with is running Javascript on a page and just creating a massive variable to use up memory.

A previous security report he made about Chromium is the same. Running Javascript and using up lots of memory so that tab will crash. You can find all his other reports on the Chromium bug tracker and they're all invalid reports as they're not security flaws.

The video converter "buffer overflow" involves creating a brand new DLL with his exploit code in. Why bother writing a buffer overflow if you've already got the ability to create and run a DLL in that process?

The one place he does have some success is with SQL injection and XSS flaws. He's clueless about actual buffer overflows and other code execution flaws.

1
0
Facepalm

A little background ...

If it's the same Ucha Gobejishvili that discovered these beauties, then Google probably haven't stopped laughing since his speech was announced:

https://code.google.com/p/chromium/issues/list?can=1&q=reporter%3Alongrifle0x

He's been trolling Google with these all year. Exploits discovered include making the status bar say something that isn't the URL of the link you're hovering over, by using the Javascript API that lets you do that.

2
0
Anonymous Coward

Re: A little background ...

He does seem rather keen to make himself look like a complete idiot.... frankly if that is all he can come up with then I suspect his 0 day exploit is just another pile of poop.

0
0

Heard it all before, and now we will get the run down on some half assed exploit that requires more than your average exploit to be vuln to the masses. I can hear all the sighs of relief now after said conference is done.

0
0
Silver badge

Instant Flash Mobs for Crash and Burn Situations ...... Dire Straits

He says he's holding off on publishing details because the issue is dangerous, though paradoxically he doesn't seem to be working with Google in helping to develop a fix. He doesn't appear to be working with exploit brokers either. Gobejishvili's general reticence is shrouded in some mystery.

Some bugs are dangerous and cannot be fixed. Then do things move on to the organisation of exploitation. One then can fully understand and commend reticence for shrouding mysterious discoveries.

Such times in CyberSpace are as a loded pause to consider one's general position and specific direction of wished travel.

1
0
Silver badge
Coffee/keyboard

Re: Instant Flash Mobs for Crash and Burn Situations ...... Dire Straits

Are you ill from Curiosity? That was coherent and reasonable.

0
0

Makes perfect sense to me

1. Find exploit

2. Make the news by not excepting Googls $60k

3. Wait for some shady figure to offer you over $60k for it

4. If they don't then take Google's offer

Joe

0
0
Gold badge
WTF?

Re: Makes perfect sense to me

I think (4) has a bit of a problem. If he details it at a conference and Google then use the information to find and fix the problem, he's a bit stuffed there.

What were you thinking? The vuln's his IP[1] and he could sue if they fix it without paying him?

[1] If there are any IP lawyers reading, there is a world of difference between sarcasm and a bloody brilliant idea. Not that you're likely to understand that.......

0
0
Anonymous Coward

So.....

.... it's Sunday morning here in the US... so where is this amazing 0-day exploit then???

0
0
Silver badge

Re: So.....

I'm waiting, too.

0
0
This topic is closed for new posts.

Forums