|
[ Message Precedent sur la mailing][ Message Suivant sur la mailing][ Precedent dans le fil][ Prochain dans le fil][ Index par Date][ Index par fil]
Re: [Full-disclosure] What the f*** is going on?
On Tue, Feb 22, 2011 at 2:42 PM, Michal Zalewski <lcamtuf@xxxxxxxxxxx> wrote:
> Also, I would say that even though randomly prodding exec arguments
> with As isn't so elite, the space of "the non-web" is much more deep
> and much more complex than the space of "the web"..
I think that sentiment made sense 8-10 years ago, but today, it's
increasingly difficult to defend. I mean, we are at a point where
casual users can do without any "real" applications, beyond just
having a browser. And in terms of complexity, the browser itself is
approaching the kernel, and is growing more rapidly.
Yes, web app vulnerabilities are easier to discover.
Web app security is beginners' security -- surely everyone knows that? Those with talent graduate on to low-level vulns (mem corruptions, kernel vulns, etc).
</troll>
Cheers Chris
That's partly
because of horrible design decisions back in the 1990s, and partly
because we're dealing with greater diversity, more complex
interactions, and a much younger codebase. Plus, we had much less time
to develop systemic defenses.
/mz
Full-Disclosure - We believe in it.
Charter: link://[click]
Hosted and sponsored by Secunia - link://[click]
Archives de la liste de diffusion Secunia
Archives de la liste de diffusion Full Disclosure
Mini-Tagwall des articles publiés sur SecuObs : | | | | sécurité, exploit, windows, attaque, outil, microsoft, réseau, audit, metasploit, vulnérabilité, système, virus, internet, usbsploit, données, source, linux, protocol, présentation, scanne, réseaux, scanner, bluetooth, conférence, reverse, shell, meterpreter, vista, rootkit, détection, mobile, security, malicieux, engineering, téléphone, paquet, trames, https, noyau, utilisant, intel, wishmaster, google, sysun, libre |
Mini-Tagwall de l'annuaire video : | | | | curit, security, biomet, metasploit, biometric, cking, password, windows, botnet, defcon, tutorial, crypt, xploit, exploit, lockpicking, linux, attack, wireshark, vmware, rootkit, conference, network, shmoocon, backtrack, virus, conficker, elcom, etter, elcomsoft, server, meterpreter, openvpn, ettercap, openbs, iphone, shell, openbsd, iptables, securitytube, deepsec, source, office, systm, openssh, radio |
Mini-Tagwall des articles de la revue de presse : | | | | security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone, server, inject, patch, apple, twitter, mobile, virus, ebook, facebook, vulnérabilité, crypt, source, linux, password, intel, research, virtual, phish, access, tutorial, trojan, social, privacy, firefox, adobe, overflow, office, cisco, conficker, botnet, pirate, sécurité |
Mini-Tagwall des Tweets de la revue Twitter : | | | | security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall, network, twitter, vmware, windows, microsoft, compliance, vulnerability, python, engineering, source, kernel, crypt, social, overflow, nessus, crack, hacker, virus, iphone, patch, virtual, javascript, malware, conficker, pentest, research, email, password, adobe, apache, proxy, backtrack |
|
|
|
|
|