Where is the proof of concept code? (Without it, this is nothing more than idle speculation that has cost a lot of people a lot of time and effort.)
With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
"Science is about questioning the status quo. Questioning authority".
In the absence of evidence, opinion is indistinguishable from prejudice.
Where is your patch to provide an alternate?
Two problems with that retort:
- It would be hard to code a patch to handle an attack vector that -- to the best of my ability to discover; and despite requests for further information and a promise of "I would release a full-disclosure document in the middle to last week of March." -- it seems has never been publicly described, let alone demonstrated.
Indeed -- whilst I'm still waiting to hear back from MITRE (CVE DB maintainers) and a couple of other likely organisations -- I can find no trace that anyone other than demerphq has ever been made party to the details of the vulnerability.
- Also, based upon the scant information I have been able to glean -- and a lot of unfortunately necessary supposition -- it seems likely that any one of several one-line patches might serve to totally mitigate the possibility of CVE-2013-1667.
With the added upside that almost none of the pain caused by the implemented solution would have been necessary.
I'm preparing a paper -- which will probably come in 4 or 5 parts -- now. But it would surely be easier, and maybe even unnecessary, if disclosure were made.