DJB Announces 44 Security Holes In *nix Software
generationxyu writes "D. J. Bernstein, better known as DJB, has announced the discovery of 44 security holes that were found by students in his course MCS 494: Unix Security Holes this fall at the University of Illinois at Chicago. Vulnerable programs of note include: CUPS, NASM, mpg123, MPlayer, xine-lib, and numerous others. Copies of the notification emails are here. The homework for the course was to find and exploit 10 previously undiscovered security holes in currently deployed Unix software. In a class of 25, 44 security holes seems a bit low. Most of the class failed. I was credited with bsb2ppm (actually libbsb) and jpegtoavi. After 300 hours of work and an A average on the exams, I expect to fail the course."
Even though I've heard so much trash talk about DJB, I think he writes good programs that are very reliable. I rolled out qmail to replace several sendmail servers that were constantly hitting 20+ load average. Now our servers deliver more mail than before, and the load average never goes over .25 on the exact same hardware. I think that says a lot about his programming technique. I bet his classes are very challenging, hopefully adding some quality programmers to the gene pool.