Google Salt! Now with pwnies!

0 views
Skip to first unread message

Alan

unread,
Sep 10, 2009, 5:12:02 PM9/10/09
to DC612
Going by the nickname of NaCl (salt, anyone?) is one of Google's
projects: Native Client. You can read about the details at

http://code.google.com/p/nativeclient/


but it can be summed up as a method for executing native x86 code from
within a browser. This places it somewhere between Java and ActiveX
(ploit). It's supposed to actually have conditions which need to be
met before code can execute (as opposed to ActiveX(ploit)'s sign-the-
code-and-go model), but isn't quite the relatively rigid execution
protocol used by Java. They've implemented Quake already, which
should give you some idea of what else might be possible.

I then happened upon a Matasano blog entry on this, and thought it
worth pointing out:

http://chargen.matasano.com/chargen/2009/8/27/the-security-implications-of-google-native-client.html


Fascinating reading... and it *IS* good to see that Skynet has noticed
Google. :-)


--
Alan
Reply all
Reply to author
Forward
0 new messages