[81939] in Cypherpunks

home help back first fref pref prev next nref lref last post

Re: More about Netscape Bug finder

daemon@ATHENA.MIT.EDU (Mike Duvos)
Tue Jun 17 02:16:16 1997

In-Reply-To: <v030209a4afcb8c31bbc6@[139.167.130.246]> from Robert Hettinga at "Jun 16, 97 10:41:24 pm"
To: cypherpunks@cyberpass.net
Date: Mon, 16 Jun 1997 21:59:00 -0700 (PDT)
From: Mike Duvos <enoch@zipcon.net>
Reply-To: Mike Duvos <enoch@zipcon.net>

A few comments... 

Almost every non-trivial program which runs on a platform which does not
shield the OS from applications can be subverted to give access to the
target machine. 

This is hardly news.  The fact that a determined Dane with a debugger
managed to poke through the code and break something is neither
earth-shattering nor remarkable. 

In something the size of Netscape, I'm sure 999,999 exploits still remain. 
The company is hardly going to start writing checks every time someone
finds one of them.

Until all application software runs on secure virtual machines, or passes
bytecode verification and formal proofs of correctness, this problem will
continue to exist, not only in Netscape, but in every other large
application as well.

Big Yawn. 

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     enoch@zipcon.net   $    via Finger.                      $


home help back first fref pref prev next nref lref last post