Comment: Get some LSD


Anyway. Intended or not, announced or not, software security has always been, still is, and will remain for long... largely a joke.

Back in the day, just 11 or so years ago, I was already enjoying digging into and verifying by myself the hacks that guys like The Last Stage of Delirium would find possible to do, if only with this boring Windoze (which was already sold as "more secure" by MS... "lololol"):

http://lsd-pl.net/

The "exploit" (arbitrary command execution) is at the end, in chapter 4's case study; linky for the curious' convenience:

http://dotxml.brinkster.net/2003/winasm-1.0.1.pdf

These techniques and many others are still current. Nothing new under the sun. Only the versions and the vendors' marketing rhetoric get their new makeup each year. Open source is slightly better only because you can see the design or realization flaws earlier, that's all.

The computer, like any machine, is the dumbest, most inert thing ever. So, the true weakest link remains the human, anywhere, anyhow, always. And that still includes both the users and the engineers, btw. In what they overlook or feel overconfident about. Including the NSA's "geniuses" (who, maybe, believe they can outsmart everybody with whatever they've hidden in X, Y or Z, if anything).

But! Hardware (like guns, and their size, and who has physical custody of what, when, where) is a whole different story.

"Cyril" pronounced "see real". I code stuff.

http://Laissez-Faire.Me/Liberty

"To study and not think is a waste. To think and not study is dangerous." -- Confucius