On Fri, 19 Aug 2005 12:17:25 +0800, leaf said:

> Hey,
> Buffer overflows will be harder and harder. Maybe game is over.

The game will never be over. The best you can hope for is to find a cost-effective way to raise the bar high enough to keep the likelihood that you'll get hacked down to an acceptable level.

Hint - the /GS code is based on an assumption regarding the behavior of the code. What is it assuming, and what possible end-runs can you come up with? (For example, if the feature is based on a 'canary' value remaining intact, you want to look for ways to totally overshoot the canary and overlay something beyond it...)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
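
An added illustration, not part of the original post and not the /GS implementation: a memory-safe model of the canary assumption the reply hints at, showing what a return-time canary comparison does and does not report. The frame layout, the cookie value and all names (`model_call`, `outcome`) are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Modeled frame: a plain byte array, not the real stack. Assumed layout:
   [ buf: 16 ][ canary: 8 ][ saved return: 8 ][ caller data: 8 ] */
enum { BUF = 0, CANARY = 16, CALLER = 32, REGION = 40 };
static const uint64_t COOKIE = 0x5a17c0de00ff11eeULL;      /* constructed value */
static const uint64_t CALLER_DATA = 0x1122334455667788ULL; /* constructed value */

typedef struct {
    int beyond_changed; /* bytes past the canary were modified by the copy */
    int check_fired;    /* comparison at function return saw a changed canary */
} outcome;

/* Model an unchecked copy of n bytes into buf, then the return-time check.
   n is clamped to the modeled region so this program stays memory-safe. */
outcome model_call(const unsigned char *src, size_t n)
{
    unsigned char region[REGION] = {0};
    uint64_t v;
    outcome o;

    memcpy(region + CANARY, &COOKIE, sizeof COOKIE);
    memcpy(region + CALLER, &CALLER_DATA, sizeof CALLER_DATA);

    if (n > REGION) n = REGION;
    memcpy(region + BUF, src, n);            /* the copy being modeled */

    /* State of memory past the canary while the function is still running. */
    memcpy(&v, region + CALLER, sizeof v);
    o.beyond_changed = (v != CALLER_DATA);

    /* The check itself: only this slot, only at return. */
    memcpy(&v, region + CANARY, sizeof v);
    o.check_fired = (v != COOKIE);
    return o;
}

int main(void)
{
    unsigned char in[REGION];
    size_t sizes[] = { 16, 20, 40 };
    memset(in, 0x41, sizeof in);
    for (int i = 0; i < 3; i++) {
        outcome o = model_call(in, sizes[i]);
        printf("n=%zu beyond_changed=%d check_fired=%d\n",
               sizes[i], o.beyond_changed, o.check_fired);
    }
    return 0;
}
```

In the n=40 case the comparison fires, but the modeled bytes beyond the canary had already been changed by the time it ran; the check reports on one slot at one moment, which is the assumption the reply asks the reader to examine.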