LEAKING ADDRESSES WITH VULNERABILITIES THAT CAN'T READ GOOD presented at SummerCon 2013

by Dionysus Blazakis

Tags: Exploitation Browser Javascript Information Leaks Timing Attacks

Summary: "Paul and Dion ask: What Would Paul Kocher Do? We will present two methods for disclosing heap addresses in ECMAScript engines without a traditional wild read/write primitive. The first technique [1] takes advantage of timing differences exposed via a popular hashtable implementation technique. The second technique [2] exploits observable weak references and a common garbage collection implementation technique. We'll demonstrate and discuss the implementation of each technique. Finally, we'll discuss attempts applying these techniques to multiple engines including both successes and failures. Side channels aren't just for cryptographers."