On Tue, Oct 30, 2012 at 11:09 AM, Jeffrey Walton <[email protected]> wrote: > On Tue, Oct 30, 2012 at 5:03 AM, Ben Laurie <[email protected]> wrote: >> On Mon, Oct 29, 2012 at 10:34 PM, Jeffrey Walton <[email protected]> wrote: >>> On Fri, Oct 26, 2012 at 2:29 PM, John Case <[email protected]> wrote: >>>> >>>> [SNIP] >> >> Apparently you think the best way to get a secure platform is to apply >> pressure through pointless security standards. I'd suggest your >> efforts might be better spent supplying patches instead. Or, y'know, >> talking to the authors of the s/w in question. You never know, they >> might care. > I'm not sure I agree some defenses are pointless.
Nor would I, which is why its lucky its not what I said. > For example, > attackers are very clever at building exploits such as ROP gadgets. > ASLR and DEP are two of the better defenses we have in this case when > a program failed its initial mission of no bugs. I'm not convinced a > second line of defense is pointless. And I am aware of userland and > kernel leaking addresses at times - I'm just not willing to throw the > baby out with the bath water. > > Jeff _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
