From: Chris Evans (scarybeastsgmail.com)
Date: Tue Feb 22 2011 - 18:35:31 CST
On Tue, Feb 22, 2011 at 2:42 PM, Michal Zalewski <lcamtufcoredump.cx> wrote:
> > Also, I would say that even though randomly prodding exec arguments
> > with As isn't so elite, the space of "the non-web" is much more deep
> > and much more complex than the space of "the web"..
> I think that sentiment made sense 8-10 years ago, but today, it's
> increasingly difficult to defend. I mean, we are at a point where
> casual users can do without any "real" applications, beyond just
> having a browser. And in terms of complexity, the browser itself is
> approaching the kernel, and is growing more rapidly.
> Yes, web app vulnerabilities are easier to discover.
Web app security is beginners' security -- surely everyone knows that?
Those with talent graduate on to low-level vulns (mem corruptions, kernel
> because of horrible design decisions back in the 1990s, and partly
> because we're dealing with greater diversity, more complex
> interactions, and a much younger codebase. Plus, we had much less time
> to develop systemic defenses.
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/