Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: DJB's students release 44 *nix software vulnerability advisories

from [sean] Network Security [Permanent Link]
Subject: Re: DJB's students release 44 *nix software vulnerability advisories
Date: Tue, 21 Dec 2004 16:55:57 -0500 
I don't know what you people are arguing about.  The bugs are valid, and they're
remote, and that's the end of the story.  Haven't any of you ever done a
tutorial online to learn some new techniques?  Didn't you perhaps download a C
file, or assembly file, and build it on your system?  When you downloaded and
built that code, you assumed the only actions that would occur are the actual
assembly instructions you are reading.  Now I haven't looked at the nasm bugs
yet, so I don't know if you are able to spot an evil asm file with a quick look
(though you probably are). Yes I'm pretty sure that most of would realize
something is wrong, but still, crap, look at all the idiots that get infected by
BRITNAYSPARESPRONG.JPG files every day.  Yes there may be some mitigating
factors that make it difficult to exploit, but that does not invalidate the
vulnerability.

-- 
[ sean ]
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-Disclosure] Java Runtime Environment Remote Denial-of-Service (DoS) Vulnerability, James Tucker
Next by Date:  [Full-Disclosure] Script Injection in Google Groups Beta, n3td3v
Previous by Thread:  Re: DJB's students release 44 *nix software vulnerability advisories, Dave Holland
Next by Thread:  Re: DJB's students release 44 *nix software vulnerability advisories, milw0rm Inc.
Indexes:  [Date] [Thread] [Top] [All Lists]