Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug

from [Jimby Sharp] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug
Date: Sun, 30 Sep 2007 11:55:25 +0530 
Exactly! And the so called security experts who are giving long
lectures in the list about how any bug can result in a potential
security flaw, they are forgetting that if a security flaw arises it
arises because of the programmer and not Firefox.

If I use strcpy() to read user input into a buffer, I am at fault and
not C compiler.

On 9/30/07, Andrew Farmer <andfarm@gmail.com> wrote:

On 28 Sep 07, at 19:25, wac wrote:

On 9/28/07, Jimby Sharp <jimbysharp@gmail.com> wrote:

How is this serious and is it related to security in any manner? If
not, please do not spam. :-(


 Many bugs are security related (I would say all). How it is security
related? Think. What happens if your bank calculates something
wrong and
puts the lower in your account and the higher in another account?
Yes It
might be little but what about a little many
times? That could be done with javascript too. Then... you are not
safe
anymore.


If your bank is doing financial calculations using Javascript in a
standard web browser, you have bigger things to worry about than
roundoff errors.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] Testing DidTheyReadIt.com, James Matthews
Next by Date:  Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug, James Matthews
Previous by Thread:  Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug, Andrew Farmer
Next by Thread:  Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug, James Matthews
Indexes:  [Date] [Thread] [Top] [All Lists]