A Georgian security researcher is due to present details of an unpatched vulnerability in Google's Chrome browser at the Malcon security conference in India over the weekend. Years ago the circumstances of Ucha Gobejishvili's presentation would hardly have raised an eyebrow but that was before Google began offering up to $60,000 …
Does this mean it's Windoze only?
"Does this mean it's Windoze only?"
No. But it may mean that it's Windows only.
There's only one thing more tiresome than Windows and that's 'Windoze' (or your preferred tedious variant of choice).
Depends whether that's DLL as in ".dll" in which case it may be, or DLL as in the generic term "Dynamically Linked Library" in which case it quite probably isn't.
While all ".dll"s in Windows should be DLLs, not all DLLs out in the world have ".dll" appended to the name.
See also: Farcebook, Micro$oft, Crapple, sheeple etc. etc.
Ha-ha, ha, ha, I see what you did there, you are "hilarious" and original.
a demo of the first Windows Mobile 8 malware
(I don't agree but figured it would get a giggle)
Re: a demo of the first Windows Mobile 8 malware
Don't knock it. Now they've got the irrelevance of the 8 version sorted out, the Skype devs have been freed up to do other things.
New version for Android shipped and actually works. Yippee.
 That's "works" as in doesn't go titsup.com rather than connect if you flip tails rather than heads, has video that actually moves and can be used with the device's internal mic without the other end needing the volume wound up past 11.
Thought this was a Bootnotes story for a minute
I'm not surprised at the callowness of some of the high profile conference participants - it all means so much more when you are in your teens and there are more spare hours where for your own sanity you need to keep your brain distracted from the contents of your trousers.
In my day it was Prestel or the school EcoNet but I'm sure the fundamentals are not too different.
And they won't be wowed & distracted by four colour digital images of Midge Ure at Live Aid.
Most of the "exploits" this researcher has found aren't exploits. The only reason he is even newsworthy at the moment is because he claims to have an exploit (very likely he doesn't going by his track record) but doesn't want to sell it or get a reward for it.
The video converter "buffer overflow" involves creating a brand new DLL with his exploit code in. Why bother writing a buffer overflow if you've already got the ability to create and run a DLL in that process?
The one place he does have some success is with SQL injection and XSS flaws. He's clueless about actual buffer overflows and other code execution flaws.
A little background ...
If it's the same Ucha Gobejishvili that discovered these beauties, then Google probably haven't stopped laughing since his speech was announced:
Re: A little background ...
He does seem rather keen to make himself look like a complete idiot.... frankly if that is all he can come up with then I suspect his 0 day exploit is just another pile of poop.
Heard it all before, and now we will get the run down on some half assed exploit that requires more than your average exploit to be vuln to the masses. I can hear all the sighs of relief now after said conference is done.
Instant Flash Mobs for Crash and Burn Situations ...... Dire Straits
He says he's holding off on publishing details because the issue is dangerous, though paradoxically he doesn't seem to be working with Google in helping to develop a fix. He doesn't appear to be working with exploit brokers either. Gobejishvili's general reticence is shrouded in some mystery.
Some bugs are dangerous and cannot be fixed. Then do things move on to the organisation of exploitation. One then can fully understand and commend reticence for shrouding mysterious discoveries.
Such times in CyberSpace are as a loaded pause to consider one's general position and specific direction of wished travel.
Re: Instant Flash Mobs for Crash and Burn Situations ...... Dire Straits
Are you ill from Curiosity? That was coherent and reasonable.
Makes perfect sense to me
1. Find exploit
2. Make the news by not accepting Google's $60k
3. Wait for some shady figure to offer you over $60k for it
4. If they don't then take Google's offer
Re: Makes perfect sense to me
I think (4) has a bit of a problem. If he details it at a conference and Google then use the information to find and fix the problem, he's a bit stuffed there.
What were you thinking? The vuln's his IP and he could sue if they fix it without paying him?
 If there are any IP lawyers reading, there is a world of difference between sarcasm and a bloody brilliant idea. Not that you're likely to understand that.......
.... it's Sunday morning here in the US... so where is this amazing 0-day exploit then???
I'm waiting, too.