DJB Announces 44 Security Holes In *nix Software
generationxyu writes "D. J. Bernstein, better known as DJB, has announced the discovery of 44 security holes that were found by students in his course MCS 494: Unix Security Holes this fall at the University of Illinois at Chicago. Vulnerable programs of note include: CUPS, NASM, mpg123, MPlayer, xine-lib, and numerous others. Copies of the notification emails are here. The homework for the course was to find and exploit 10 previously undiscovered security holes in currently deployed Unix software. In a class of 25, 44 security holes seems a bit low. Most of the class failed. I was credited with bsb2ppm (actually libbsb) and jpegtoavi. After 300 hours of work and an A average on the exams, I expect to fail the course."
This seems like a call to the world for pity as if that will somehow change the professor's mind.
--
WHO ATE MY BREAKFAST PANTS?
Technically, Windows NT is based on a version of UNIX (BSD's).
Many copies of Windows include the attribution requirement, or the binaries are directly from open source code (BSD of course).
So this is what we call modern education? Teachers are merely muses to encourage us to do work and they don't actually teach anymore? Sounds like a trade school to me. No teaching, just hands-on experience. I wouldn't want to pay for school and then get that crap in return.
-- Betting on the survival of the media industry is a serious risk. I advise investing elsewhere.
Typical arrogant academic, but I repeat myself.
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
That - or something similar - is quite possibly the actual goal of the assignment.
Why would most students fail? Because DJB is now, and has always been, an asshole.
College chicks are hot. Who wouldn't funk them if they could.
I'm sorry but that is a fucking load of crap sir. I subscribe to all the various notification lists for bugs, exploits, and other security concerns and I can say without a DOUBT that Linux and UNIX in general is overhyped in terms of its security.
I say it's a lot better off than Windows but it is wholly irresponsible and naive to sit here and say that OSS is somehow better - better to a point where finding bugs in it is futile (as you say). I've patched too many sendmail exploits (not my choice to run sendmail, it is corporate IT's decision) and even patched the Linux kernel itself because of critical bugs. Don't sit here and tell me that OSS is so much better, it is not.
OSS' advantage comes with the large community of people who work on it, that's it. OSS will generally have patches issued much faster than a corporate bureaucracy will for something like Windows or Solaris.
Are you seriously going to stand by your totally asinine claims? I'll sit here and paste loads of vulnerabilities in OSS software if you so desire.