Zlib Security Flaw Could Cause Widespread Trouble
BlueSharpieOfDoom writes "Whitedust has an interesting article posted about the new zlib buffer overflow. It affects countless software applications, even on Microsoft Windows. Some of the most affected applications are those that are able to use the PNG graphic format, as zlib is widely used in compression of PNG images. Zlib was also in the news in 2002 because of a flaw found in the way it handled memory allocation. The new hole could allow remote attackers to crash the vulnerable program or possibly even execute arbitrary code."
Important: Use a safe browser (Score:5, Funny)
So next time someone recommends a browser, stop and wonder about what technology the latest browser has implemented properly without regard to any security issues, and remember that it will be decades before IE implements the technology (if it ever does) so it will be safe for quite some time, by being a stable browser that rarely changes.
Mods: This is not an attempt at a troll, but a parody of the typical "This is why you should switch to Firefox" posts whenever there is a vulnerability involving IE. It should be painfully obvious, but then again most of you are on crack.
Re:Modularised code will always have this problem. (Score:3, Funny)
Actually, 'forbidden term' would be more appropriate. My bad.
even on Microsoft Windows (Score:3, Funny)
NOT WINDOWS! I was just about to move to it from this Linux thing!
Re:Modularised code will always have this problem. (Score:4, Funny)
If so why not? - and if not, why so?
Why why not but not if not? Why not not?
Re:For those with IE on XP,2003 (Score:3, Funny)
Re:Important: Use a safe browser (Score:2, Funny)
Re:Not just IE (Score:2, Funny)
My stupidity squared.
Re:Mods on crack!? (Score:3, Funny)
Slander! I only mod people down when I'm off crack!
Is it my imagination... (Score:3, Funny)
Re:Modularised code will always have this problem. (Score:4, Funny)
Zlib loaded with Spyware (Score:3, Funny)
Here is a sample of the Scan log.
Re:Modularised code will always have this problem. (Score:3, Funny)
Get a clue, you anonymous turd. DJ Bernstein isn't working under the whip of a corporate master demanding working apps in murderous short timeframes. Furthermore, the existence of one brilliant man who can manage to keep enormous amounts of state in his head and turn out perfect code is not prima facie evidence that all who cannot are somehow lacking.
Personally, my goal is always perfection. I know it's difficult and I don't always achieve it, but I gotta wonder about people like you who "aim low".
Who the fuck said anything about "aiming low"? My point is that errors happen and that you can't just browbeat people into not making mistakes. You say it yourself: "I don't always achieve [perfection]".
Unfortunately, giving people lectures doesn't teach them how to do this.
THAT WAS EXACTLY MY POINT, JACKASS!
In an industry with about zero barrier to entry, most software is going to be crap. Most programmers simply don't know what they are doing. But don't let that cloud your thinking. It *is* possible to write secure software exactly like you describe.
It is possible, but the chaotic way most programming shops are run makes it highly unlikely. Overwork, lack of sleep, poor communication, and shifting goals make errors inevitable. One brilliant man sitting down and writing qmail on his own time and at his own pace does not scale to ten overworked regular code grinders trying to crank out two months' work in two weeks.
If you think "writing secure software is impossible", you've already lost
If you think that's what I said, go back and read it the fuck again. Your reading comprehension is as bad as your superiority complex.
please get out of the industry, or at least don't write software that deals with network data.
After you, you arrogant prick.