Date: Fri, 20 Jul 2012 17:46:39 +0200
From: Christian Sciberras <uuf6429@...il.com>
To: Bzzz <lazyvirus@....com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: A modest proposal

Wow, how short-sighted.

So you really think that obfuscating code is a good excuse to escape
reviewing of bad code?
With all that trouble, you could just write it correctly from scratch (or
give it more time for testing).

But at this point, I think everyone is getting their own deal out of this.
The original idea does not work for each and every case, and it definitely
fails badly in some specific cases... this, however, does not discredit it
at all.

On the other hand, if all you really care about is trolling...well, that's
another different story.




On Fri, Jul 20, 2012 at 4:01 AM, Bzzz <lazyvirus@....com> wrote:

> On Thu, 19 Jul 2012 21:08:47 -0400
> Glenn and Mary Everhart <everhart@....com> wrote:
>
>
> > If you have a piece of code that you don't want malware to be able
> > to inspect, that might perhaps
> > have some "secrets" in it or that you want not to be trivial to
> > have some other code patch,
> > why not arrange for that code to be different in form (but the
> > same in function) with every copy?
>
> It isn't very realistic because wherever you put the code, in
> whatever native form, you first have to decode it to RAM for
> execution; and if this code is a piece of crap, it'll stay a
> piece of crap.
>
> Furthermore, obfuscation can "talk to you" when you're used to
> reviewing tons of code (haaa, apple][ nibble counts and other
> "protections", where did you go? :), and sensibly slows down
> programs' responsiveness.
>
> The base of the problem isn't obfuscation but producing good
> and tested code, AND reacting fast when a flaw is discovered.
> This is what most of open-source coders fight to do and what
> big corps strive to avoid.
>
> In this matter, everybody here knows that threatening these
> corpos of a full disclosure is the only way to go, because
> they're like kids that won't grow up and seek the least effort
> possible & max benefit way - in a word, they're irresponsible.
>
> JY
> --
> <lily34> were made one for each other
> <lily34> we'll marry
> <lily34> we'll have many children
> <EthanQix> :/
> <lily34> like Roméo and Juliette :D
> <EthanQix> hmmm you apparently didn't finished the book.
> <lily34> ?
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
