[LUAU] get ready for apple security bugs
Jim Thompson
jim at netgate.com
Wed Nov 1 13:51:16 PST 2006
On Nov 1, 2006, at 11:43 AM, Tim Newsham wrote:
>>> My understanding is that HDM found a vulnerability independently
>>> and implemented an exploit for it.
>>
>> Phleeze. It's the same old "send a malformed IE in a probe
>> response (or beacon) frame" crapfest that was in the Maynor/Ellch
>> "exploit".
>
> Sure, but since Maynor wasn't telling, HDM had to write his own fuzzer
> to identify the vulnerability and develop an exploit. Hence
> "independently." Much as Apple did when identifying similar issues.
Apple's approach was prophylactic. There wasn't actually an
exploitable hole there, it was just people reading the code and
wondering (out loud) if "this could happen". It was a bunch of "let's
make sure the IE can't be too long" crud. It had ZERO net effect.

Otherwise, you would see the exact same exploits (other than changing
the position of the code that overwrites ETX) on FreeBSD.

Which you don't. Care to wonder why?

Note that the HDM exploit doesn't work if you've got the card in the
normal operating mode (where the on-card firmware interprets the
probe response frames).
>
>>> Not sure what this has to do with Maynor not letting it drop...
>> The Krebs connection. He's trying to get some respect after
>> dropping the ball (on his foot) over the whole Maynor/Ellch affair.
>
> So it's not Maynor not letting it drop?
No, it's Krebs.
And maybe a bit of Ellch. Maynor has had a rag stuffed in his mouth.