-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If you look at the exploit you will see it is a simple case of failing to check array/string bounds. A fairly standard hazard in C code. This kind of mistake doesn’t require complex code, though it is more likely in complex code.
What concerns me more is the prevalence of “hidden” processors showing up on our systems. From the TrustZone to cell phone base band processors to Intel’s Enterprise Management Engine. All of these have complete access to our systems, run unpublished, un-audited code and in many cases cannot be upgraded! The Ultimate Root Kit you may not be able to remove without throwing away your hardware *and* waiting an arbitrary period of time for new hardware to come out with the problem solved (and new ones provided). - -Jeff -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXeTOU8CBzV/QUlSsRAg48AJ0YMmQVDgu3zcYzs6Cxh56WvTy3TwCg5OK7 N72d/OBWIjEVAoNqCvBAfjI= =GI4y -----END PGP SIGNATURE----- -- _______________________________________________________________________ Jeffrey I. Schiller Information Systems and Technology – MIT App Inventor Massachusetts Institute of Technology 77 Massachusetts Avenue Room 32-386 Cambridge, MA 02139-4307 617.910.0259 - Voice [email protected] http://jis.qyv.name http://appinventor.mit.edu _______________________________________________________________________
_______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: [email protected]
