From: Dave Aitel (daveimmunitysec.com)
Date: Thu Feb 05 2004 - 18:43:23 CST
http://www.smashguard.org got posted to bugtraq yesterday.
When will people realize that "patent pending" is a sign of stupidity
and ignorance, and not something to be proud of? If I wasn't knee deep
in threading issues, I'd go into depth on how no one, not in 20 years,
not in 2000 years, is going to use this "solution" to buffer overflows.
Instead, I'll just say that they quote PaX as an address randomization
technique, instead of understanding what it really is. They have it in
their tech report under the section 3.2. "Modification of the
Executable". They have no clue. Carla E Brodley and T.N. Vijaykumar
should be ashamed of themselves. What they are guilty of, like everyone
writing ROI of Security Investment papers without at least considering
the possibility that a paper written ten years ago about a different
issue is not relevant, is bad science. Apparently the price for bad
science is strangers making fun of you on mailing lists that get
archived by Google.