For people reading and not following this. A vulnerability is a situation that allows users to do something that they should not be allowed to do. The fact that people hacked into a web site is a security issue and it can and should be prevented. The fact that after people hack into a web site they can modify any code running there, that is not something anybody can do anything about. The fact that anybody can modify data and/or code that they have access to is not a vulnerability. The fact that any DRM scheme can be broken is also not a vulnerability.
Massimo

On Oct 9, 3:14 pm, Phyo Arkar <[email protected]> wrote:
> There's nothing to be alarmed about.
>
> Any EXE can be infected. Any libraries can be infected.
>
> In the hacking underground scene, there are infected SSH libs that behave exactly like openssh but log all the passwords. And there was a case where repos got hacked and replaced with trojan sshlibs. I don't remember which repo it is, Red Hat or Fedora.
>
> One of Myanmar ISP was target and gateway (proxy) machine got hacked too, many passwords stolen. I know with the lead hacker and he showed me the group of bots he controlled which are within ISP's internal machines.
>
> Java JRE can be infected and can do that way too,
>
> On Sun, Oct 9, 2011 at 10:42 PM, Massimo Di Pierro <[email protected]> wrote:
> > I agree. Any program source or binary, written in any language, can be infected by worms. There are plenty of tools to do this.
> > As a teacher, I would expect any CS graduate to know how to do this for any binary (exe) file and any good python programmer to know how to do it to Python (pyc) files. The pytroj library just makes it a little easier.
> >
> > That is why when you download code, you should download it from a reputable source and possibly check the md5 signature.
> > That is why Apple appstore is a success.
> >
> > Massimo
> >
> > On Oct 9, 9:49 am, ~redShadow~ <[email protected]> wrote:
> > > On Sun, 2011-10-09 at 10:54 -0300, Bruno Rocha wrote:
> > > > symantec found a worm which infects .pyc files[1]
> > > >
> > > > the virus source code is in [2]
> > > >
> > > > [1] http://www.symantec.com/connect/blogs/python-has-venom
> > > > [2] https://github.com/maurobaraldi/Pytroj
> > >
> > > I don't see where the exact risk is, apart from that a .pyc doing something different may be shipped along with a .py that looks like it is the source code, but it isn't; this is quite like shipping something.exe plus something.c: nothing guarantees that something.c is the source code for something.exe.
> > >
> > > Plus, everything that can modify the .pyc would probably also be able to modify the .py directly, run malicious code directly, etc. etc.
> > >
> > > --
> > > Samuele ~redShadow~ Santi
> > > ----------------------------------------------------------------
> > > redshadow[at]hackzine.org - redshadowhack[at]gmail.com
> > >
> > > Blog: http://hackzine.org
> > >
> > > GPG Key signature:
> > > 050D 3E9F 6E0B 44CE C008 D1FC 166C 3C7E EB26 4933
> > > ----------------------------------------------------------------
> > > /me recommends:
> > > Squadra Informatica - http://www.squadrainformatica.com
> > > ----------------------------------------------------------------
> > > - Proud ThinkPad T-Series owner
> > > - Registered Linux-User: #440008
> > > * GENTOO User since 1199142000 (2008-01-01)
> > > * former DEBIAN SID user
> > > ----------------------------------------------------------------
> > > "Software is like sex: it's better when it's free!"
> > > -- Linus Torvalds
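
The point quoted above, that nothing guarantees a shipped .pyc is what the .py beside it compiles to, can be checked directly. The following is an added example, not code from the thread or from web2py; it assumes CPython 3.7 or later (16-byte .pyc header) and a .pyc built by the same interpreter version and optimization level, and the names `pyc_matches_source` and `demo` and the sample module are hypothetical.

```python
import importlib.util
import marshal
import os
import py_compile
import tempfile

HEADER_LEN = 16  # assumption: CPython 3.7+ layout (magic, flags, mtime+size or hash)


def pyc_matches_source(py_path, pyc_path):
    """Return True if the code stored in pyc_path is what py_path compiles to."""
    with open(pyc_path, "rb") as f:
        data = f.read()
    if data[:4] != importlib.util.MAGIC_NUMBER:
        raise ValueError("pyc was built by a different interpreter version")
    # marshal.loads does not run the code, but it is not hardened against
    # malformed input, so inspect untrusted files in a throwaway environment.
    shipped = marshal.loads(data[HEADER_LEN:])
    with open(py_path, "rb") as f:
        expected = compile(f.read(), py_path, "exec", dont_inherit=True)
    # Code objects compare by bytecode, constants and names (recursively for
    # nested functions); the recorded filename is not part of the comparison.
    return shipped == expected


def demo():
    """Constructed sample: a matching pair, then a .pyc built from other source."""
    with tempfile.TemporaryDirectory() as d:
        src, other, pyc = (os.path.join(d, n) for n in ("mod.py", "other.py", "mod.pyc"))
        with open(src, "w") as f:
            f.write("def greet():\n    return 'hello'\n")
        with open(other, "w") as f:
            f.write("def greet():\n    return 'HELLO'\n")
        py_compile.compile(src, cfile=pyc, doraise=True)
        clean = pyc_matches_source(src, pyc)
        # Same file name, different origin: the situation described in the thread.
        py_compile.compile(other, cfile=pyc, doraise=True)
        swapped = pyc_matches_source(src, pyc)
        return clean, swapped


if __name__ == "__main__":
    print(demo())
```

A match only shows that the .pyc and the .py agree with each other; whether the .py itself is the code you intended to install is a separate question, which is where downloading from a reputable source and checking the published digest comes in.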

