| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200402140322.i1E3MSlo018463@turing-police.cc.vt.edu> From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu) Subject: RE: W2K source "leaked"? On Fri, 13 Feb 2004 20:22:32 CST, Paul Schmehl <pauls@...allas.edu> said: > I suspect that flaws will probably be found. After all, they already have > been found without the source. It's only logical that with the source in > hand more flaws will be found. And at a vastly increased rate. We have to assume at this point that every serious black hat now has a copy of at least 660M of MS source. And while holes can be found by disassembly and reverse engineering, it goes a LOT faster with the source. What was a string of 12 LOAD and STORE opcodes with 2 ADDS thrown in and then a CALL suddenly becomes: "Holy <insert Elder God here>. They never called strlen()".... -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040213/fb38d998/attachment.bin
Powered by blists - more mailing lists