Re: No sellout. was: RE: Lynn / Cisco shellcode

[Holden Williamson <limeyhaqr () gmail com>]

> I'm a bit more disposed to be positive about what Lynn did. The stuff
> he discussed would be a heck of a lot scarier if "virtual processes"
> were in common use, as Cisco is working toward.

Oh come on. As somone already pointed out elsewhere "Nobody who has
spent more than a year doing vulnerability work believes that buffer
overflows are unexploitable anywhere, even on platforms that
preemptively reboot to avoid problems."
If a system runs executable code it can be made to run unauthorized
executable code - from your PC to your cable-modem to your bloody
xbox. This is computer security 101. It's not 1992AD anymore guys.

If anyone really sat there and thought "wow, I never thought about
remotely executing code on a cisco before" then they should be
probably be asking themselves why they're playing with this security
muck in the first place.

-holden
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave