lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed Jan 18 19:59:47 2006
From: davek_throwaway at hotmail.com (Dave Korn)
Subject: Re: Security Bug in MSVC


Jason Coombs wrote in news:43CD7A48.1020800@...ence.org
> Morning Wood wrote:
>> ------------------------------------------------------------
>>      - EXPL-A-2006-002 exploitlabs.com Advisory 048 -
>> ------------------------------------------------------------
>>
>>               - MSVC 6.0 run file bug -
>
> Nice thinking, Donnie. This must be the "new class of vulnerability"
> that was hinted at by Microserfs a few months ago... The attacks are
> launched by way of source code distributions rather than binary code.

  Why is this a terrible insecure microsoftism, when GNU make does exactly 
the same?

  And let's never forget those evil 'configure' scripts.  Hell, at least 
they actually *have* been an attack vector on several occasions.

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today.... 



Powered by blists - more mailing lists