talk: Re: Dowd's Inhuman Flash Exploit

From: Bret Lambert <blambert_at_**********.***>
Date: Fri Apr 18 2008 - 14:27:23 EDT

Not to take away from the ingenuity of the exploit, but there were two
classic errors that should never have made their way past a code review:

1) a signed vs unsigned issue
2) not checking the return value from a memory allocation

The point we should all take away is that programming defensively (as
the flash people should have done) is something that should be
internalized.

On Fri, 2008-04-18 at 15:07 -0400, Jason Dixon wrote:
> Entertaining take on a brilliant exploit.
>
> http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/
>
>
> -J.
>
>
>
> --
> List Info: http://metabug.org/mail/
> List Archives: http://metabug.org/archive/talk/
> To Unsubscribe: Mail mailto:talk+unsubscribe@metabug.org
>
>

--
List Info:      http://metabug.org/mail/
List Archives:  http://metabug.org/archive/talk/
To Unsubscribe: Mail mailto:talk+unsubscribe@metabug.org

Received on Fri Apr 18 15:27:38 2008

This archive was generated by hypermail 2.1.8 : Fri Apr 18 2008 - 15:27:38 EDT