Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
For any nonsense or banter that doesn't fit anywhere else. LoL! omg! ROFL! 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Google's NativeClient Contest
Posted by: tx
Date: March 03, 2009 04:14PM

Google's giving out cash (in powers of 2) for exploits for their Native Client project:
Quote

Native Client is an open-source research technology for running x86 native code in web applications, with the goal of maintaining the browser neutrality, OS portability, and safety that people expect from web apps.

Info is here http://code.google.com/contests/nativeclient-security/

Anyone playing?

-tx @ lowtech-labs.org

Options: ReplyQuote
Re: Google's NativeClient Contest
Posted by: nEUrOO
Date: March 03, 2009 05:30PM

Don't think I can/want take the time to do this, but might be interesting, for a quick review kind of exercise. Do you?

nEUrOO -- http://rgaucher.info -- http://twitter.com/rgaucher

Options: ReplyQuote
Re: Google's NativeClient Contest
Posted by: rvdh
Date: March 03, 2009 09:19PM

I think it's Achilles’ heel will be the Netscape plugin interface for browsers, just like it was for Active-X.

Options: ReplyQuote
Re: Google's NativeClient Contest
Posted by: thrill
Date: March 04, 2009 12:37AM

I think we're about to witness the next google millionaire.. :)

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Options: ReplyQuote
Re: Google's NativeClient Contest
Posted by: Spyware
Date: March 04, 2009 12:49AM

They want to "make it as safe as Javascript".

Durr.

Options: ReplyQuote
Re: Google's NativeClient Contest
Posted by: rvdh
Date: March 06, 2009 09:37AM

Yah interesting idea, but it goes on the same path as Active-X and SilverLight, with the exception it seems of an EXTRA sandbox. Hm, I am always a bit alarmed when people start to put a vault inside another vault, but hey that might be me. Why would you want to run x86 code inside your browser, can't think of any valid reason actually. I think I wait until they release the browser plugin plus an executable, too lazy to compile and run beta stuff right now.

Options: ReplyQuote
Re: Google's NativeClient Contest
Posted by: darknessends
Date: March 07, 2009 04:49PM

Hey ! I think they are on lines to support their so called centralized Operating System. This x86 running browser has the power to turn the web upside down ! I wish i knew much assembly to join them.

Options: ReplyQuote
Re: Google's NativeClient Contest
Posted by: darknessends
Date: March 07, 2009 04:54PM

@RVDH--
Where have you been ? Why u killed 0x000000 and now rvdh.co.cc is also not alive.
And you do not even reply emails. And private messages. I needed to talk to you.

Options: ReplyQuote
Re: Google's NativeClient Contest
Posted by: gat3way
Date: March 08, 2009 04:38AM

Tried it, built some simple .nexe client-side applications.

First thing I tried to do was to call syscalls directly, via inline assembly. The browser crashed (wasn't the sandbox supposed to show a warning message or something?).

Anyway, if their sandbox can hook all jumps into kernelmode (e.g int 80h) then it would be pretty hard to make it run your own code. Probably there will be some elegant trick to overcome that, who knows.

Something like multi-platform ActiveX sounds like a frightening idea, yes I agree :)

Options: ReplyQuote
Re: Google's NativeClient Contest
Posted by: rvdh
Date: March 08, 2009 05:10AM

Yeah, almost anything that was considered secure has been hacked one way or the other. I live by Murphy's Law, I wish they'd do the same, cuz is bound to happen. It's a pessimistic view, but sadly most of the time true. Most would argue that security isn't restriction, but I'd like to think it is. I see browsing as browsing, and not serving. Why should a browser serve, like an OS does and what's probably intended? A browser as OS is probably the future, and I think we're going through the same curve as before, this time it's all transposed unto the browser. Personally I don't think the browser is mature enough to handle all of this yet. Sure I might be blatantly wrong, but given history is bound to repeat itself.

Options: ReplyQuote


Sorry, only registered users may post in this forum.