Full Disclosure mailing list archives
Re: A modest proposal
From: Christian Sciberras <uuf6429 () gmail com>
Date: Fri, 20 Jul 2012 17:46:39 +0200
Wow, how short sighted. So you really think that obfuscating code is a good excuse to escape reviewing of bad code? With all that trouble, you could just write it correctly from scratch (or give it more time for testing). But at this point, I think everyone is getting their own deal out of this. The original idea does not work for each and every case, and it definitely fails badly in some specific cases...this however, does not discredit it at all. On the other hand, if all you really care about is trolling...well, that's another different story. On Fri, Jul 20, 2012 at 4:01 AM, Bzzz <lazyvirus () gmx com> wrote:
On Thu, 19 Jul 2012 21:08:47 -0400 Glenn and Mary Everhart <everhart () gce com> wrote:If you have a piece of code that you don't want malware to be able to inspect, that might perhaps have some "secrets" in it or that you want not to be trivial to have some other code patch, why not arrange for that code to be different in form (but the same in function) with every copy?It isn't very realistic because wherever you put the code, in whatever native form, you first have to decode it to RAM for execution; and if this code is a piece of crap, it'll stay a piece of crap. Furthermore, obfuscation can "talk to you" when you're used to review tons of code (haaa, apple][ nibble counts and other "protections", where did ou go?:), and sensibly slows down programs responsiveness. The base of the problem isn't obfuscation but producing good and tested code, AND reacting fast when a flaw is discovered. This is what most of open-source coders fight to do and what big corps strive to avoid. In this matter, everybody's here knows that threatening these corpos of a full disclosure is the only way to go, because they're like kids that won't grow up and seek the least effort possible & max benefit way - in a word, they're irresponsible. JY -- <lily34> were made one for each other <lily34> we'll marry <lily34> we'll have many children <EthanQix> :/ <lily34> like Roméo and Juliette :D <EthanQix> hmmm you apparently didn't finished the book. <lily34> ? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- A modest proposal Glenn and Mary Everhart (Jul 19)
- Re: A modest proposal Gage Bystrom (Jul 19)
- Message not available
- Re: A modest proposal Gage Bystrom (Jul 20)
- Message not available
- Re: A modest proposal Gage Bystrom (Jul 19)
- Re: A modest proposal valdis . kletnieks (Jul 19)
- Re: A modest proposal Memory Vandal (Jul 19)
- Re: A modest proposal Thor (Jul 20)
- Re: A modest proposal Christian Sciberras (Jul 20)
- Re: A modest proposal Thor (Jul 20)
- Re: A modest proposal Ben Laurie (Jul 20)
- Re: A modest proposal Bzzz (Jul 20)
- Re: A modest proposal Christian Sciberras (Jul 20)
- Re: A modest proposal valdis . kletnieks (Jul 20)
- Re: A modest proposal Jeffrey Walton (Jul 20)