lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 21 Dec 2004 16:55:57 -0500
From: sean <infamous41md@...pop.com>
To: bugtraq@...urityfocus.com
Subject: Re: DJB's students release 44 *nix software vulnerability
 advisories


I don't know what you people are arguing about.  The bugs are valid, and they're
remote, and that's the end of the story.  Haven't any of you ever done a
tutorial online to learn some new techniques?  Didn't you perhaps download a C
file, or assembly file, and build it on your system?  When you downloaded and
built that code, you assumed the only actions that would occur are the actual
assembly instructions you are reading.  Now I haven't looked at the nasm bugs
yet, so I don't know if you are able to spot an evil asm file with a quick look
(though you probably are). Yes I'm pretty sure that most of would realize
something is wrong, but still, crap, look at all the idiots that get infected by
BRITNAYSPARESPRONG.JPG files every day.  Yes there may be some mitigating
factors that make it difficult to exploit, but that does not invalidate the
vulnerability.

-- 
[ sean ]

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ