lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 27 Feb 2009 15:19:29 +1100
From: Jubei Trippataka <vpn.1.fanatic@...il.com>
To: neeko@...lingsinister.net
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Apple Safari 4 Beta feeds: URI NULL Pointer
	Dereference Denial of, Service Vulnerability

>
>
> I'll clarify for everyone since you seem lost.
> EVERYONE, THE NULL POINTER DOES NOT GET DEREFERENCED. It only
> gets referenced. And Jubei isn't even sure a null pointer is involved
> at all =)
>
> With that out of the way, I'd just like to say that I only meant to
> encourage people to check out an excellent paper. I didn't mean to say
> anything related to your argument other than to say that that
> paper is a must-read. If you can't appreciate that, why the fuck are you
> on F-D? Think about it.
>
>
>
I'm didn't even comment on Mark's paper, it is definitely a great piece of
research, there is no doubt. It's just that some people have read this paper
and thought, wow, all those NULL bugs are now exploitable. It's important to
separate these bug classes.

I'd even go to say that while this paper is a must-read, please also spend
some time understanding it, otherwise don't bother.

-- 
ciao

JT

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ