...if I wanted to distribute a chat program and have it be "evil" I would not distribute a binary with hidden behavior (if nothing else, when you find this code in my binary I'm pretty damn well screwed ;P): I'd instead distribute an open source program that involved a threaded work queue for handling multiple socket connections to peers and which had a few very subtle use-after-free race conditions that would only come up under nearly impossible timing scenarios that I knew how to trigger and exploit, giving me complete control of your client whenever I wanted.
this only works if you're already on the network. [...] This is another way of saying it's not remotely exploitable via the internet at large
"My guess is that the developers realized that some programs/services needed to be able to change the device’s settings automatically; realizing that the web server already had all the code to change these settings, they decided to just send requests to the web server whenever they needed to change something."