<<< Date Index >>>     <<< Thread Index >>>

Re: DJB's students release 44 *nix software vulnerability advisories



I don't know what you people are arguing about.  The bugs are valid, and they're
remote, and that's the end of the story.  Haven't any of you ever done a
tutorial online to learn some new techniques?  Didn't you perhaps download a C
file, or assembly file, and build it on your system?  When you downloaded and
built that code, you assumed the only actions that would occur are the actual
assembly instructions you are reading.  Now I haven't looked at the nasm bugs
yet, so I don't know if you are able to spot an evil asm file with a quick look
(though you probably are). Yes I'm pretty sure that most of would realize
something is wrong, but still, crap, look at all the idiots that get infected by
BRITNAYSPARESPRONG.JPG files every day.  Yes there may be some mitigating
factors that make it difficult to exploit, but that does not invalidate the
vulnerability.

-- 
[ sean ]