Vulnerability Development mailing list archives
Re: Plain text password for Microsoft (icwip.dun)
From: hellNbak <hellnbak () nmrc org>
Date: Tue, 9 Jul 2002 18:46:59 -0400 (EDT)
It will prevent copyright abuse until broken. How long does the average anti-piracy scheme last? And remember - you deploy this one, you're STUCK with it because there's hardware involved.
I totally agree with you.
All it takes is one good buffer overflow. Like we haven't seen security bugs in trusted, signed ActiveX controls and the like before. I've seen almost nothing that says that *exploits* will be any more difficult to carry out.
From what I can tell from the little detail I have read is that the system
at both a hardware and software level will not run any program that is not properly signed (or whatever). So, in order to get your arbitrary code to run, you need to be sure that the system will trust it -- which adds a bit of complication to the whole process but definately doesn't make it impossible. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- "I don't intend to offend, I offend with my intent" hellNbak () nmrc org http://www.nmrc.org/~hellnbak -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Current thread:
- Plain text password for Microsoft (icwip.dun) Steven Jones (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) Roland Postle (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) Knud Erik Højgaard (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) Roland Postle (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) Knud Erik Højgaard (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) hellNbak (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) Valdis . Kletnieks (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) hellNbak (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) Blue Boar (Jul 09)
- Palladium dullien (Jul 10)
- Malicious COM Surrogates Jason Coombs (Jul 29)
- Re: Plain text password for Microsoft (icwip.dun) Roland Postle (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) Joerg Mayer (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) Juan M. Courcoul (Jul 10)
- Re: Plain text password for Microsoft (icwip.dun) Deus, Attonbitus (Jul 10)
- Re: Plain text password for Microsoft (icwip.dun) Ron DuFresne (Jul 10)
- <Possible follow-ups>
- RE: Plain text password for Microsoft (icwip.dun) Kayne Ian (Softlab) (Jul 10)
- RE: Plain text password for Microsoft (icwip.dun) Deus, Attonbitus (Jul 10)