Patent-pending==retarded

[Dave Aitel <dave () immunitysec com>]

http://www.smashguard.org got posted to bugrtraq yesterday.

When will people realize that "patent pending" is a sign of stupidity 
and ignorance, and not something to be proud of? If I wasn't knee deep 
in threading issues, I'd go into depth on how no one, not in 20 years, 
not in 2000 years, is going to use this "solution" to buffer overflows. 
Instead, I'll just say that they quote PaX as an address randomization 
technique, instead of understanding what it really is. They have it in 
their tech report under the section 3.2. "Modification of the 
Executable". They have no clue. Carla E Brodley and T.N. Vijaykumar 
should be ashamed of themselves. What they are guilty of, like everyone 
writing ROI of Security Investment papers without at least considering 
the possibility that a paper written ten years ago about a different 
issue is not relevant, is bad science. Apparantly the price for bad 
science is strangers making fun of you on mailing lists that get 
archived by Google.

Dave Aitel
CTO
Immunity, Inc.







_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave