DJB Announces 44 Security Holes In *nix Software
generationxyu writes "D. J. Bernstein, better known as DJB, has announced the discovery of 44 security holes that were found by students in his course MCS 494: Unix Security Holes this fall at the University of Illinois at Chicago. Vulnerable programs of note include: CUPS, NASM, mpg123, MPlayer, xine-lib, and numerous others. Copies of the notification emails are here. The homework for the course was to find and exploit 10 previously undiscovered security holes in currently deployed Unix software. In a class of 25, 44 security holes seems a bit low. Most of the class failed. I was credited with bsb2ppm (actually libbsb) and jpegtoavi. After 300 hours of work and an A average on the exams, I expect to fail the course."
All you need to do is find one more hole, this one in the campus records department, and exploit it for improving your grade. If you have an "A" average otherwise, another "A" will look right in place. It's the "D" average people suddenly getting "A"s and "B"s that draw suspicion.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Perhaps Microsoft should try this strategy. I'm sure the kids would thoroughly enjoy that assignment! They'd have bugs coming out the wazoo! A's for everyone!
Hey! I've found remote roots in OpenSSH, Apache, and Bind. If you run the file below, you can get root.
[ Part 2, Text/PLAIN (charset: unknown-8bit) 95 lines. ]
[ Unable to print this part. ]
Get your own free personal location tracker
Why take for granted that the number of bugs to be found was expressed in base-10? Why not base-2?
My algorithms class was like this. I aced every test but didn't complete the Travelling Salesman program successfully. I got an "incomplete" and had to come to summer school. Boy was I mad at the time but I see now why they did it. All or nothing.
If you can always remember to wipe your butt, you can always remember to watch your buffer lengths.
Well, there's the problem!
Ahh, this is such stuff that pointless flamewars are made on.
No it isn't, you moron!
The enemies of Democracy are