Full Disclosure mailing list archives
Re: Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe
From: Reindl Harald <h.reindl () thelounge net>
Date: Wed, 21 May 2014 20:21:06 +0200
On 21.05.2014 20:12, Michal Zalewski wrote:
>> the existence of "C:\Program.exe" must not have any bad effect
>> for any random installer not intending to execute this
>
> Sounds like a good goal. The installer probably also shouldn't play
> obscene messages via PC speaker. If it did, it would be undesirable
> and probably considered a bug
>
> Now, in practical terms... in absence of a plausible risk / attack
> vector, it doesn't sound like much of a security issue (unless you
> adopt the approach advocated on the predecessor of this list by Mr.
> Lemonias)

and *that* attitude is the root cause for all the software crap around

* anybody knows that unverified input is bad
* anybody knows that unescaped input is bad

so why the fuck discuss in the way "show me the attack vector" instead

a) learn from the existing bad code to write better and just accept
that *it is* a security relevant bug

90 out of 100 security flaws in the past years were from the category
"why should i bother about this and that, it is unlikely"