[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table
- To: adam <adam@xxxxxxxxx>
- Subject: Re: [Full-disclosure] n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table
- From: coderman <coderman@xxxxxxxxx>
- Date: Thu, 29 Dec 2011 23:37:05 -0800
On Thu, Dec 29, 2011 at 11:24 AM, adam <adam@xxxxxxxxx> wrote:
> In any case, the concept is pretty interesting.
data structures exposed to potentially malicious user input. what
could go wrong?
Big-O: a perfect case is not typical.
real-world is sometimes not average.
attacker inputs, they're always aiming for the worst!
> It's not a vector that most
> people would think of when securing their applications/servers. At least,
> most people I've come in contact with, anyway.
welcome to the state of 21st century infosec. :)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/