Michael Schwarz 9 Jan 18
Replying to @mlqxyz @lavados and 2 others
Our proof-of-concept is now also online, so you can play around with that:
Martin Gens 4 Jan 18
Replying to @misc0110 @mlqxyz and 3 others
Can we show this demonstration in a report on Swedish television? (TV4)
Michael Schwarz 4 Jan 18
Replying to @martgens @mlqxyz and 3 others
Yes, there is also a higher-resolution version:
Barme 4 Jan 18
Replying to @misc0110 @mlqxyz and 3 others
Not so convincing. Which application is running the pwd popup and how do you guess the 0x3c8...?
Michael Schwarz 4 Jan 18
Replying to @lbarme @mlqxyz and 3 others
We did not want to show a specific application, so it is only a demo app (a simple GTK application on Linux). For brevity, we don't show how to get the address here. If you are not convinced, wait for the PoC code and try it yourself ;)
Ralf 3 Jan 18
Replying to @misc0110 @mlqxyz and 3 others
s/real time/just in time/ Nevertheless. Wow. Are you going to publish demo code?
Michael Schwarz 3 Jan 18
Replying to @r__ralf @mlqxyz and 3 others
Yes, we are publishing demo code as soon as patches are available, so I guess next week.
Michael Schwarz 6 Jan 18
Replying to @paolinuzz @Pxtl and 4 others
This is only the case for covert channels, where code on a VM transmits files to JavaScript via a side channel (JavaScript has no access to files). If you look at side-channel attacks, they can fully run in JavaScript (see for many JavaScript-only attacks)
Michael Schwarz 6 Jan 18
Replying to @leaver77 @Hakin9 and 5 others
Yes, because it is my demo and tweeted exactly this video ;-)
Michael Schwarz 9 Jan 18
No. But academics like Linux for various reasons: it is free, it is easy to adapt, there are a lot of great development and debugging tools, you can look at the source to understand what is going on. Exploit writers like Linux as it runs on most servers ;)