Wednesday, April 16, 2008

He's a remorseless killing machine...

I loved this bit at the end of a recent blog post on the Matasano blog:

Has Mark Dowd simply outclassed us? Should we pack it up and quit?
Yes. But don’t feel bad about that. You’re a human being, and he’s a remorseless killing machine. Big Blue crushed Kasparov, and now he’s not the prime minister of Russia! At a certain point, you have to concede the field, moving on to games where human beings still have the advantage. Computers haven’t solved Go, for instance. For us researchers, I suggest we take advantage of Mark Dowd’s robotic inability to love, and take up the arts, such as watercolors or interpretive dance.

This comment comes at the end of the 2nd post commenting on Mark's recent software security paper on Flash. The paper itself is quite brilliant - going from a write-AV on a NULL dereference, to running unverified ActionScript and pwning Flash.
For a more high-level summary see these posts: #1, #2 on the Matasano blog.

Incidentally, enabling ASLR on Vista would be a way to mitigate against this attack, but sadly Adobe haven't yet released a version of Flash with the required option set in their binary. If you're geeky and want to turn this on yourself, you can use a recent link.exe from Visual Studio or the WDK like so:

link.exe /edit /dynamicbase filename

Flash files live under %windir%\system32\Macromed\Flash or %windir%\SysWow64\Macromed\Flash on 64-bit Vista.
And of course it might be a good idea to install the latest version of Flash from

No comments: