Forum: >>> Magnum BBS <<<

memory corruption as attack vector

From Retrograde@21:1/5 to All on Sun Mar 17 09:00:48 2024

From the «alzheimers as a service» department:
Feed: OSnews
Title: Secure by design: Google’s perspective on memory safety
Author: Thom Holwerda
Date: Fri, 15 Mar 2024 10:45:06 -0400
Link: https://www.osnews.com/story/138837/secure-by-design-googles-perspective-on-memory-safety/

Google’s Project Zero reports[1] that memory safety vulnerabilities[2]—security defects caused by subtle coding errors related to how a program accesses memory—have been “the standard for attacking software
for the last few decades and it’s still how attackers are having success”. Their analysis shows two thirds of 0-day exploits detected in the wild used memory corruption vulnerabilities. Despite substantial investments to improve memory-unsafe languages, those vulnerabilities continue to top the most commonly exploited vulnerability classes[3].

In this post, we share our perspective on memory safety in a comprehensive whitepaper[4]. This paper delves into the data, challenges of tackling memory unsafety, and discusses possible approaches for achieving memory safety and their tradeoffs. We’ll also highlight our commitments towards implementing several of the solutions outlined in the whitepaper, most recently with a $1,000,000 grant to the Rust Foundation[5], thereby advancing the development of a robust memory-safe ecosystem.
↫ Alex Rebert and Christoph Kern at Google’s blog[6]

Even as someone who isn’t a programmer, it’s impossible to escape the rising
tide of memory-safe languages, with Rust leading the charge. If this makes the software we all use objectively better, I’ll take the programmers complaining they have to learn something new.

Links:
[1]: https://googleprojectzero.blogspot.com/2022/04/the-more-you-know-more-you-know-you.html (link)
[2]: https://www.memorysafety.org/docs/memory-safety/ (link)
[3]: https://cwe.mitre.org/top25/archive/2023/2023_kev_list.html (link)
[4]: https://research.google/pubs/pub53121/ (link)
[5]: https://security.googleblog.com/2024/02/improving-interoperability-between-rust-and-c.html (link)
[6]: https://security.googleblog.com/2024/03/secure-by-design-googles-perspective-on.html (link)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Who's Online
Recent Visitors
- Bob Worm
  Sun Jun 7 20:58:28 2026
  from Wales, Uk via Telnet
- Michal Wronka
  Sun Jun 7 19:26:28 2026
  from Wroclaw, Poland via SSH
- Centurion
  Sun Jun 7 16:59:51 2026
  from Berea, Ohio via Telnet
- Furryboy
  Sun Jun 7 13:40:29 2026
  from Romania, Galati via SSH
- Krenn
  Sun Jun 7 10:02:33 2026
  from Sydney, Nsw via Telnet
- Spearb0y
  Sun Jun 7 07:41:05 2026
  from Massachusetts via SSH
- Krenn
  Sun Jun 7 03:07:26 2026
  from Sydney, Nsw via Telnet
- Krenn
  Sun Jun 7 01:30:12 2026
  from Sydney, Nsw via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (2 / 14)
Uptime:	07:32:05
Calls:	12,100
Calls today:	8
Files:	15,003
Messages:	6,517,933
Posted today:	1

memory corruption as attack vector

Who's Online

Recent Visitors

System Info