funsec mailing list archives
I'm so excited, I just can't hide it.......
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Fri, 18 Apr 2008 08:29:01 -0400
When I see a null pointer bug in an application, I question how well the application has been vetted for more dangerous security vulnerabilities. OTOH, many vendors pooh-pooh null pointer bugs, because they don't allow remote code execution. Perhaps it is time for vendors to take these errors more seriously?

Richard

<http://tech.slashdot.org/tech/08/04/18/0436232.shtml>

NULL Pointer Exploit Excites Researchers

Posted by Soulskill on Friday April 18, @05:18AM from the ruh-roh-shaggy dept.

Java Da Massive writes "Mark Dowd's paper "Application-Specific Attacks: Leveraging the ActionScript Virtual Machine" has alarmed researchers <http://www.cio.com.au/index.php/id;342968942>. It points out techniques that promise to open up a class of exploits and vulnerability research previously thought to be prohibitively difficult. Already, the small but growing group of Information Security experts who have had the chance to read and digest the contents of the paper are expressing an excited concern depending on how they are interpreting it. While the Flash vulnerability described in the <http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf> paper[PDF] has been patched by Adobe, the presentation of a reliable exploit for NULL pointer dereferencing has the researchers who have read the paper fascinated. Thomas Ptacek has an explanation <http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/> of Dowd's work, and Nathan McFeters at ZDNet is 'stunned by the technical <http://blogs.zdnet.com/security/?p=1030> details.'"