Re: IE7 Zero Day

["Eliah Kagan" <degeneracypressure () gmail com>]

On 5/5/06, Valdis Kletnieks wrote:
> On Fri, 05 May 2006 10:02:27 EDT, Exibar said:
>
> >   ROFL, I mean no disrespect man, just couldn't resist.....  yah, I'm sure
> > if you think about it a bit you'll realize what my procedure is.....
>
> Were you about to suggest that you just Turn The Damned Thing Off?
>
> If so, note that this doesn't suffice in some cases:
>
> http://www.eurekalert.org/pub_releases/2006-02/uoia-qcs022106.php
>
> Now, if you can find a bug in the program they ran, you can 0wn the box
> even when it's turned off....

No, Turning The Damn Thing Off still works. In order to place the
computer in a superposition of running and not running the algorithm,
you still have to be operating the computer. Essentially, you have to
make it not run the algorithm to get the computational result--it
doesn't just not do it by itself.

That is, the way it doesn't do it by itself is different from the way
you have to make it not do it to get the answer out of it. In order to
exploit a bug in a finite state machine (and a quantum computer is
still a finite state machine--you can simulate the quantum state of a
quantum computer fully well with a traditional computer, though for
highly complex quantum computers--which don't exist yet--it would take
a long time to run the simulation), you have to affect either the
output or the state of the machine. Sitting around and not using the
quantum computer--that is, providing no energy input to the system and
thus Turning The Damn Thing Off--will still prevent either of these
things from happening.

-Eliah

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/