Firstly anything that can be done in software can be broken via software, and so nothing is non-tamper-proof, it may take a long time but at some point someone will break it. So to get back to the question, Are software cracks also a form of security vulnerabilities? IMHO No. to draw an analogy with the physical world... safety issues (car breaks, wheels falling off etc.) could be said to be akin to security vulnerabilities, both are preventable at the design stage, both cause the system to fail and both have serious implications for the end user. The battery on the 787 is a safety issue, Lithium ion batteries apparently have a number of known safety drawbacks (as per the BBC, see http://www.bbc.co.uk/news/business-21054089 ), and it's right that the FAA has grounded the 787 because of it, and Boeing is working on a patch. However cracks aren't like that, the vendor has no control over what happens to them, I could write a patch that would prevent any windows program from working (just f**k with the PE header or overwrite every byte with 90h), is this the vendors fault? clearly not. can they stop me? clearly not, as long as I've access to the executive file (which is an OS not application issue) I can screw it up. IMHO it's as if you where to say the fact someone could take out a 787 with a surface to air missile is a safety issue and we should class them the same as battery fire's. On 17/01/2013 09:20, COPiOUS wrote: > Hello, > > First of all, the question is in the subject. Should say enough. > > In my opinion they are, since a software crack allows unauthorized use of > software and the exposure of (possible) trade secrets, but I want to know how > other people think about this. Also, by cracking software packages, other > issues pop up quite often - quite a lot of applications aren't tamper-proof. > But does "not tamper-proof" mean that the software is flawed? > > Since we're moving to a smartphone/app-centric world, application security > (and especially mobile application security) is an important topic, since > many developers think that a walled garden is safe. It's not because you > can't get out, that others can't get in. > > COPiOUS > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/