
| Subject: | Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug |
|---|---|
| Date: | Sat, 29 Sep 2007 19:11:53 +0530 |
Go and read floating point math.

On 9/29/07, wac <waldoalvarez00@gmail.com> wrote:

Many bugs are security related (I would say all). How is it security related? Think. What happens if your bank calculates something wrong and puts the lower in your account and the higher in another account? Yes, it might be little, but what about a little many times? That could be done with javascript too. Then... you are not safe anymore. Especially today with the invasion of AJAX. One of the browsers is broken for sure (several?). They should do the same even in such small things. Should at least be very carefully documented. However just documenting it is only going to bring trouble since many programmers won't be aware of that. They would not even be making mistakes in the code but triggering somebody else's errors.

This kind of stuff happens many times. For instance a couple of days ago I hit a problem in which both Opera and Firefox behaved differently to IE (some parameters in the form were not sent to the server). Was with a <table><form></form></table> instead of <form><table></table><form> (or the other way around can't remember right was the workaround).

Yes, every bug is security related. A database that is out of sync. An improperly rounded number. Remember why Ariane blew up in the air because of this? Remember the Mars landrover locked because of a priority inversion bug? Would you call it a security bug? I really doubt many of you would. However millions were lost. Wasn't security related? Think. What about if someday the computers that handle the nuclear plant nearby make a wrong rounding and one of the parameters go out of rank? Computers handle that, handle your car, all of your communications, your heart beat and even your foot steps (heard about those smart Adidas with a chip?). What if an airplane computer misses one of the parameters? It *is* a security bug even if it is not a stack/heap overflow, an integer overflow and all of the rest you all know about. I consider if not all of the bugs, at least the vast majority as security bugs.

For your very own good start thinking that way too. Because someday you could even die just because somebody else made a mistake in one of those control systems. Worse yet... because someone thought that it wasn't a security bug and was not important to fix it.

Regards
Waldo Alvarez

PS: Now you have another way to verify (fingerprint) which browser is used to browse a website even with spoofed User-Agent headers if javascript is turned on.

And go and learn some floating point maths.

On 9/28/07, carl hardwick <hardwick.carl@gmail.com> wrote:

There's a flaw in Firefox 2.0.0.7 that allows javascript to execute wrong subtractions.

PoC concept here: javascript:5.2-0.1 (copy this code into address bar)

Firefox 2.0.0.7 result: 5.1000000000000005 (WRONG!)
Internet Explorer 7 result: 5.1 (OK)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
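The arithmetic behind the thread, as an added example that is not part of any poster's message: it prints the exact value of the IEEE 754 double a JavaScript number holds, which shows why `5.2-0.1` comes out as `5.1000000000000005`, and then does the same subtraction exactly on scaled integers, the usual approach for currency amounts. The function names (`exactDecimal`, `toScaled`, `fromScaled`, `subtractDecimal`) are hypothetical, and it assumes a JavaScript engine with BigInt support.

```javascript
// Added example; names are hypothetical, inputs are constructed.

// Exact decimal expansion of the IEEE 754 double stored in a JS number.
function exactDecimal(x) {
  if (!Number.isFinite(x)) throw new RangeError("finite numbers only");
  const view = new DataView(new ArrayBuffer(8));
  view.setFloat64(0, x);
  const bits = view.getBigUint64(0);
  const sign = bits >> 63n ? "-" : "";
  const exp = Number((bits >> 52n) & 0x7ffn);
  const frac = bits & ((1n << 52n) - 1n);
  // value = mant * 2^e; normal numbers carry an implicit leading 1 bit
  const mant = exp === 0 ? frac : frac | (1n << 52n);
  const e = (exp === 0 ? 1 : exp) - 1075;
  if (e >= 0) return sign + (mant << BigInt(e)).toString();
  // mant / 2^k == mant * 5^k / 10^k, so the expansion is finite and exact
  const k = -e;
  const digits = (mant * 5n ** BigInt(k)).toString().padStart(k + 1, "0");
  const out = digits.slice(0, -k) + "." + digits.slice(-k);
  return sign + out.replace(/0+$/, "").replace(/\.$/, "");
}

// Parse a decimal string into an integer count of 10^-scale units (cents for scale 2).
function toScaled(s, scale) {
  const m = /^(-?)(\d+)(?:\.(\d+))?$/.exec(s);
  if (!m || (m[3] || "").length > scale) throw new RangeError("bad amount: " + s);
  const n = BigInt(m[2] + (m[3] || "").padEnd(scale, "0"));
  return m[1] ? -n : n;
}

// Format a scaled integer back into a decimal string with `scale` places.
function fromScaled(n, scale) {
  const neg = n < 0n;
  const d = (neg ? -n : n).toString().padStart(scale + 1, "0");
  const s = scale ? d.slice(0, -scale) + "." + d.slice(-scale) : d;
  return (neg ? "-" : "") + s;
}

// Exact decimal subtraction: no binary rounding is involved at any step.
function subtractDecimal(a, b, scale) {
  return fromScaled(toScaled(a, scale) - toScaled(b, scale), scale);
}

console.log("0.1       =", exactDecimal(0.1));
console.log("5.2       =", exactDecimal(5.2));
console.log("5.2 - 0.1 =", exactDecimal(5.2 - 0.1), "prints as", String(5.2 - 0.1));
console.log("exact     =", subtractDecimal("5.2", "0.1", 2));
```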