The 2017 Pwnie Winner For Most Innovative Research

ASLR on the line

Credit: Ben Gras, Kaveh Razavi, Erik Bosman, Herbert Bos, Cristiano Giuffrida

Exploit writers have been bending over backwards to try to defeat ASLR for the better part of a decade. Usually this requires finding some soon-to-be-patched memory disclosure bug. Of course this is a hard job and needs to be repeated for different browsers/plugins/versions/etc. Then these guys come along with a universal ASLR bypass based on the timing of cached memory accesses. Of course this works using JavaScript in most browsers by default and isn't really something you can fix very easily. Seems too easy; I think I'll keep looking for infoleaks like a real hacker.
