Discussion in 'other security issues & news' started by pandorax, May 25, 2012.
I predict a fall, seeing as how I've not seen nor heard of anything Opera has that makes it secure (besides too few using it).
It has a few 'security' extensions I think. It would be interesting to see just how it does. I wonder if they will include the 64 bit beta Opera 12? I'm quite interested in trying the final version of that myself. I'd be interested to know how much more secure 64 bit browsers are compared to 32 bit.
If anyone actually bothers to target it it's definitely going to fall lol
I think for competitions it makes very little difference. 64bit basically just makes it impossible to bruteforce ASLR but in a competition they're likely going to go in already knowing where some static address space is (there's always some area that's going to be the same) or having some kind of information leak or just using an exploit that doesn't deal with ROP at all.
In reality an attacker might resort to bruteforcing, I just don't see it happening in a competition.
OK thanks, I have a slight knowledge of what ASLR is, not too sure about 'ROP'. I was under the impression that 64 bit operating systems were much safer than 32 bit. I tended to assume that was just as applicable to browsers.
ROP is return oriented programming. It's a way to bypass DEP (data execution prevention) so that you can execute code. ROP needs to be able to see code in some part of the processes address space so that it can use that code to execute what it wants. ASLR makes it so that they can't find the code so there's no way to execute it.
To bypass ASLR you need to try to find code. This isn't hard on 32bit as the address space is small. On 64bit it's basically impossible - you need to bypass it through other ways or avoid the situation entirely.
OK, thanks for the info.
Separate names with a comma.