Full Disclosure mailing list archives
Re: adobe.com important subdomain SQL injection again!
From: Marsh Ray <marsh () extendedsubset com>
Date: Mon, 20 Dec 2010 12:51:58 -0600
On 12/19/2010 09:32 PM, John Jester wrote:
> Sandboxing the plug-in from your system fixes it I believe. It's so futile sandboxing it was key.

OK, so if sandboxing works, then why not just let devs build x86/x64 code in the first place? In the same category as Native Client or ActiveX. Maybe because sandboxing isn't going to work so well?

> And security, hell a multi-billion dollar company can't keep it from gobbling up 100% CPU in some instances. Huge note: over the years there has been massive improvement in both performance and security.

I wonder how much of that is the game or app itself in a tight loop. CPU is, after all, there to be used.

> It's not hopeless or futile, but come on, it's like the Titanic.

Remember chapter 1 of the textbook when it said "The first rule of security is never try to retrofit security, _ever_!!" and underlined it three times? Well see back in 1996 there were these really popular animation and multimedia CD-ROM authoring packages and... the rest is history.

- Marsh

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/