Full Disclosure mailing list archives
Re: Evilgrade 2.0 - the update explotation framework is back
From: Valdis.Kletnieks () vt edu
Date: Sun, 31 Oct 2010 10:40:01 -0400
On Sun, 31 Oct 2010 14:24:59 BST, Christian Sciberras said:
In my opinion, all in all, you're creating a yet another overly complex system with as yet more possible flaws. Don't forget tat each new line of code is a potential attack vector which affects any system.
Amen to that. A more subtle issue is the tradeoff issue: Any time they have a code engineer spending time building and feeding that code-signing infrastructure is time that code engineer *isn't* spending writing actual new features the users *want*. Which user-requested feature are you going to heave over the side in order to do code-signing instead? That question has to enter into the calculus as well.
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Evilgrade 2.0 - the update explotation framework is back [ISR] - Infobyte Security Research (Oct 29)
- Re: Evilgrade 2.0 - the update explotation framework is back Jacky Jack (Oct 29)
- Re: Evilgrade 2.0 - the update explotation framework is back Benji (Oct 29)
- Re: Evilgrade 2.0 - the update explotation framework is back Jacky Jack (Oct 31)
- Re: Evilgrade 2.0 - the update explotation framework is back Valdis . Kletnieks (Oct 30)
- Re: Evilgrade 2.0 - the update explotation framework is back Dan Kaminsky (Oct 30)
- Re: Evilgrade 2.0 - the update explotation framework is back Mario Vilas (Oct 31)
- Re: Evilgrade 2.0 - the update explotation framework is back Christian Sciberras (Oct 31)
- Re: Evilgrade 2.0 - the update explotation framework is back Valdis . Kletnieks (Oct 31)
- Re: Evilgrade 2.0 - the update explotation framework is back [lesh] Ivan Nikolic (Oct 31)
- Re: Evilgrade 2.0 - the update explotation framework is back Christian Sciberras (Oct 31)
- Re: Evilgrade 2.0 - the update explotation framework is back Valdis . Kletnieks (Oct 31)
- Re: Evilgrade 2.0 - the update explotation framework is back Benji (Oct 29)
- Re: Evilgrade 2.0 - the update explotation framework is back Jacky Jack (Oct 29)
- Re: Evilgrade 2.0 - the update explotation framework is back Valdis . Kletnieks (Oct 31)
- Re: Evilgrade 2.0 - the update explotation framework is back Tim (Oct 31)