Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Plain text password for Microsoft (icwip.dun)

From: hellNbak <hellnbak () nmrc org>
Date: Tue, 9 Jul 2002 18:46:59 -0400 (EDT)
It will prevent copyright abuse until broken.  How long does the average
anti-piracy scheme last?  And remember - you deploy this one, you're STUCK
with it because there's hardware involved.



I totally agree with you.


All it takes is one good buffer overflow.  Like we haven't seen security bugs
in trusted, signed ActiveX controls and the like before.  I've seen almost
nothing that says that *exploits* will be any more difficult to carry out.



From what I can tell from the little detail I have read is that the system

at both a hardware and software level will not run any program that is not
properly signed (or whatever).  So, in order to get your arbitrary code to
run, you need to be sure that the system will trust it -- which adds a bit
of complication to the whole process but definately doesn't make it
impossible.


-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

"I don't intend to offend, I offend with my intent"

hellNbak () nmrc org
http://www.nmrc.org/~hellnbak

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Previous By Date Next
Previous By Thread Next

Current thread: