Re: Downloading files
- From: Rick Moen <rick@xxxxxxxxxxxxxx>
- Date: Wed, 02 Aug 2006 20:41:46 -0400
chuckcar <chuck@xxxxxxx> wrote:
Retaining little worries about a piece of untrustworthy software
you've fetched from somewhere, for no better reason than having its
source code, is a truly _excellent_ way to fool yourself and shoot
yourself in the foot. The reasons should be obvious. If not, go and
security-audit the source code of the next five desktop applications
you use. (For extra fun, make sure they have to parse data from
public networks, and go over those input-validation routines
carefully!)
Tell you what, you find *one* named piece of software fitting this
character on sourceforge.net, freshmeat.net or gnu.org and I'll
willingly admit I was misinformed on the matter, but until you do, you
might as well be talking about some code somebody dredged out of a
newsgroup that only posts code for lovers of viri.
o mpg123 pre0.59s beta was vulnerable to buffer overflow induced by
trojaned (specially malformed) MP3 files played using it, having
binary code in the MP3 frame header that invokes a shell and recursively
deletes the user's home directory. Some showoff who noticed this
bug actually coded a piece of exploit code against it called
JBells (aka Jbellz), that you'll find in some of the more
comprehensive lists of Linux malware. Such as *ahem* mine.
OK, what did I win, Chuck? ;->