[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] adobe.com important subdomain SQL injection again!
- To: John Jester <watermonk@xxxxxxxxxx>
- Subject: Re: [Full-disclosure] adobe.com important subdomain SQL injection again!
- From: Marsh Ray <marsh@xxxxxxxxxxxxxxxxxx>
- Date: Mon, 20 Dec 2010 12:51:58 -0600
On 12/19/2010 09:32 PM, John Jester wrote:
>
> Sandboxing the plug-in from your system fixes it I believe. It's so
> futile sandboxing it was key.
OK, so if sandboxing works, then why not just let devs build x86/x64
code in the first place? In the same category as Native Client or ActiveX.
Maybe because sandboxing isn't going to work so well?
> And security, hell a multi-billion dollar company can't keep it from
> gobbling up 100% cpu in some instances. Huge note: over the years has
> been massive improvement in both performance and security.
I wonder how much of that is the game or app itself in a tight loop. CPU
is, after all, there to be used.
> It's not hopeless or futile, but come on, it's like the titanic.
Remember chapter 1 of the textbook when it said "The first rule of
security is never try to retrofit security, _ever_!!" and underlined it
three times?
Well see back in 1996 there were these really popular animation and
multimedia CD-ROM authoring packages and... the rest is history.
- Marsh
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/