through other vectors).
Plenty of developers use Visual Studio to create non-MFC applications.
And at least a few of us use Microsoft toolchains and libraries without
the enormous pile of VS overhead. (Whether there's anyone in the latter
group who uses MFC is another question.)
--
Michael Wojcik
name be overridden by an environment
variable.
--
Michael Wojcik
Principal Software Systems Developer, Micro Focus
From: Stefan Kanthak [mailto:stefan.kant...@nexgo.de]
Sent: Monday, 08 February, 2010 16:33
Michael Wojcik wrote:
From: Stefan Kanthak [mailto:stefan.kant...@nexgo.de]
Sent: Saturday, 06 February, 2010 08:21
Since Windows 2000 NTFS supports junctions, which pretty much
resemble
, via Services for Unix; but at least in SFU
2.0, symlinks were just files with a special format, not reparse
points.)
The Windows SMB server apparently won't cross reparse points, though, so
there's no equivalent vulnerability.
--
Michael Wojcik
Principal Software Systems Developer, Micro Focus
, but not
necessarily in others, can 1) force that domain down for an extended
time, and/or 2) force all domains down.
Privilege isn't an absolute; there are degrees of privilege, and this
bug lets a user do more damage than their degree of privilege should
allow.
--
Michael Wojcik
Principal Software
/6ad2d5b50a96668e
[2]
http://groups.google.com/group/vim_dev/browse_thread/thread/14
34d0812b5c817e/6ad2d5b50a96668e
[3] http://groups.google.com/group/vim_dev/msg/dd32ad3a84f36bb2
--
Michael Wojcik
Principal Software Systems Developer, Micro Focus
implications, and the '400 has
shown that they're commercially viable. Intel's early effort at a
capability architecture (the 432) died because it couldn't compete on
performance, but the long life of the '400 suggests that perhaps the
time is right to try again.
--
Michael Wojcik
Principal
-SSL.
--
Michael Wojcik
Principal Software Systems Developer, Micro Focus
?
--
Michael Wojcik
Principal Software Systems Developer, Micro Focus
.
--
Michael Wojcik
Principal Software Systems Developer, Micro Focus
? What about login -z asdfasdf?
(I know what they do on a couple of older Solaris boxes I happen to
have, but I'll leave this as an exercise for the reader.)
--
Michael Wojcik
Principal Software Systems Developer, Micro Focus
,
produced a window with the title about: - Google - Mozilla Firefox on
my test system (once I had NoScript temporarily allow Javascript from
your site). I don't know offhand why I got the about: - prefix;
perhaps because NoScript disables Javascript from about:blank by
default?
--
Michael Wojcik
sure
it was known well before then.
--
Michael Wojcik
Principal Software Systems Developer, Micro Focus
in popular languages for managing
concurrency, such as explicit exclusive control of shared resources,
help, but they leave far too much to some of the least reliable parts of
the system - the coder's attention, memory, and imagination.
--
Michael Wojcik
Principal Software Systems Developer, Micro
be infelicitous, but it is
not, properly speaking, a bug.
--
Michael Wojcik
Principal Software Systems Developer, Micro Focus
successfully open a security-critical process has
already won.
--
Michael Wojcik
Principal Software Systems Developer, Micro Focus
convincing users and programmers to
adopt even its uncontroversial recommendations; I doubt you'll get any
traction with this one.
Michael Wojcik
Principal Software Systems Developer, Micro Focus
prompted more discussion than
it warrants. There is a portable way to prevent the dead-store-elimination
problem, but that's only one of scrubbing's many failings.
Michael Wojcik
Principal Software Systems Developer, Micro Focus
Reposted.
-Original Message-
From: Michael Wojcik
Sent: Wednesday, November 06, 2002 12:25 AM
To: 'Michael Howard'
Cc: [EMAIL PROTECTED]
Subject: RE: When scrubbing secrets in memory doesn't work
From: Michael Howard [mailto:mikehow;microsoft.com]
Sent: Tuesday, November 05
== pw-2]
H(password || pad || known-string || password) [pad pw to full
block]
The simplest of these, in terms of retrofitting existing systems that use
one of the constructions Ishikawa mentions, is
H(password || H(password || known-string))
Michael Wojcik [EMAIL
r their names, but
that's a small price to pay for actually being able to see what's going on.
Michael Wojcik [EMAIL PROTECTED]
MERANT
Department of English, Miami University
21 matches
Mail list logo