Re: [Full-Disclosure] automated vulnerability testing

2003-11-29 Thread Valdis . Kletnieks
On Sun, 30 Nov 2003 05:55:52 PST, Gadi Evron <[EMAIL PROTECTED]> said: > So saying C is not secure is rather.. silly. I'm willing to assert that Unlambda is impossible to write an exploitable program: http://www.eleves.ens.fr:8080/home/madore/programs/unlambda/ :) (Incidentally, if you're a l

Re: [Full-Disclosure] automated vulnerability testing

2003-11-29 Thread Valdis . Kletnieks
On Sat, 29 Nov 2003 15:11:02 EST, Bill Royds <[EMAIL PROTECTED]> said: > Only a good programmer can write safe C. > Most programmers are not good programmers. > Therefore most C code is not safe and should not be trusted. Flon's Law: There is not now, and never will be, a language in which it is

Re: [Full-Disclosure] Antivirus Software Solutions?

2003-11-29 Thread William Warren
I am evaluating Astaro Security Linux: It is a firewall, http proxy and virus gateway (for both pop3 and smtp and uses the Kaspersky anti-virus engine that can be set to auto-update hourly if you wish)... also it can filter suspicious attachments by file extension you specify. So far I have foun

[Full-Disclosure] #hackphreak lecture series

2003-11-29 Thread vordhosbn
HELLO, Recently A DEMONSTRATION OF FORMAT STRING AND FRAME POINTER OVERWRITING EXPLOITATION was given by neonfreon (neonfreon[at]exploit[dot]us) on the UNDERNET IRC network in #hackphreak. This is the first in a series of lectures [hopefully] and we invite all from the comp-sec industry to enjoy t

Re: [Full-Disclosure] automated vulnerability testing

2003-11-29 Thread Gadi Evron
Michael Gale wrote: Oh.. I like this thread. I am not a programmer but would like to learn and when I want to do something I want to be the best at it and do it the right way. Use C. :) So C programming feels like a good challenge. It (usually) isn't about the language, it's usually about the pro

Re: [Full-Disclosure] India gov IT hacked

2003-11-29 Thread Raj Mathur
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > "Devdas" == Devdas Bhagat <[EMAIL PROTECTED]> writes: Devdas> On 28/11/03 23:04 +, Morning Wood wrote: >> *cough* >> >> http://timesofindia.indiatimes.com/articleshow/320561.cms Devdas> Nothing important here. If you ha

RE: [Full-Disclosure] moving

2003-11-29 Thread Poof
Although you won't be seeing this... Hope you have a fun move... I'm moving starting tomorrow too. ^^ But, no, I don't think you need to notify anybody... Only the listadmin if you're not a regular poster and all... (Since otherwise spammers will tend to join a list and go nomail... Gotta 'love'

[Full-Disclosure] moving

2003-11-29 Thread bscabl
I don't know if I have to notify anyone on this list, I'm going nomail as I'm moving, I'll be back on the 4th ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html

Re: [Full-Disclosure] automated vulnerability testing

2003-11-29 Thread Frank Knobbe
On Sat, 2003-11-29 at 15:10, Michael Gale wrote: > The right being security first and reliability / speed second. I don't know about that. I prefer code with minimal "failure conditions". Failure conditions, or faults, have impact on both, security and reliability. I don't think a program can exi

Re: [Full-Disclosure] automated vulnerability testing

2003-11-29 Thread Michael Gale
Oh.. I like this thread. I am not a programmer but would like to learn and when I want to do something I want to be the best at it and do it the right way. The right being security first and reliability / speed second. So C programming feels like a good challenge. Michael. On Sat, 29 Nov 2003

Re: [Full-Disclosure] India gov IT hacked

2003-11-29 Thread Devdas Bhagat
On 28/11/03 23:04 +, Morning Wood wrote: > *cough* > > http://timesofindia.indiatimes.com/articleshow/320561.cms Nothing important here. If you have a bunch of morons who will not listen to clued up people, this is exactly what will happen. Typical triumph of bureaucratic management over techn

Re: [Full-Disclosure] automated vulnerability testing

2003-11-29 Thread Devdas Bhagat
On 29/11/03 12:30 -0800, Chris Adams wrote: > On Nov 29, 2003, at 2:47, Choe.Sung Cont. PACAF CSS/SCHP wrote: > > Bill Royds wrote: > >> If you are truly interested in security, you won't use C as the > >> programming language. > > You must be shitting me.. C does have its inherent flaws but that

Re: [Full-Disclosure] automated vulnerability testing

2003-11-29 Thread Chris Adams
On Nov 29, 2003, at 2:47, Choe.Sung Cont. PACAF CSS/SCHP wrote: Bill Royds wrote: If you are truly interested in security, you won't use C as the programming language. You must be shitting me.. C does have its inherent flaws but that doesn't mean that there cannot be a secure application written

RE: [Full-Disclosure] automated vulnerability testing

2003-11-29 Thread Bill Royds
Only a good programmer can write safe C. Most programmers are not good programmers. Therefore most C code is not safe and should not be trusted. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Moody Sent: November 29, 2003 12:52 PM To: [EMAIL PROTE

Re: [Full-Disclosure] SIP security

2003-11-29 Thread Paulo Pereira
- Original Message - From: "Lennart Damm" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, November 28, 2003 19:17 Subject: [Full-Disclosure] SIP security What's the (disclosed/non-disclosed) security status for SIP protocol based applications in UMTS MMS (MultiMedia System)?

RE: [Full-Disclosure] automated vulnerability testing

2003-11-29 Thread Peter Moody
> your programmer must be perfect to guarantee security. C is best used for > low level programming where one needs to be close to the hardware > (programming in the small). It is not good for large applications where > modularity and flexibility are more important ( programming in the large). and

Re: [Full-Disclosure] Antivirus Software Solutions?

2003-11-29 Thread Manfred Schmitt
Paul Schmehl <[EMAIL PROTECTED]> wrote: > > > This is a good first step, but you should also have a/v protection at the > gateway. Look at amavisd and vexira if you're allowed to use open source. Just to clarify things: vexira isn't open source. For an open source av-scanner take a look at clam

RE: [Full-Disclosure] automated vulnerability testing

2003-11-29 Thread Choe.Sung Cont. PACAF CSS/SCHP
> You must be god since you can code perfectly without ever making a mistake. You mean to say "God". ;-p S.Choe -Original Message- From: Bill Royds [mailto:[EMAIL PROTECTED] Sent: Saturday, November 29, 2003 4:44 AM To: 'Choe.Sung Cont. PACAF CSS/SCHP'; [EMAIL PROTECTED] Subject: RE: [Fu

Re: [Full-Disclosure] Antivirus Software Solutions?

2003-11-29 Thread Paul Schmehl
--On Saturday, November 29, 2003 10:12 AM -0500 "Marc Chabot (.net)" <[EMAIL PROTECTED]> wrote: I had a bad opinion of mc-a-fee before, but if you say it's highly effective against NONE viruses, I believe you. :-D That's just the modern spelling of known. :-) I'm looking for anybody who had some

[Full-Disclosure] Antivirus Software Solutions?

2003-11-29 Thread Marc Chabot (.net)
PS> Paul Schmehl ([EMAIL PROTECTED]) PS> Furthermore, you don't want just "any reasonable well supported product". PS> You want a product that is highly effective against none viruses. Some PS> that fall in to that category are Sophos, McAfee, Kaspersky and Norton. I had a bad opinion of mc-a-fee

RE: [Full-Disclosure] automated vulnerability testing

2003-11-29 Thread Bill Royds
You must be god since you can code perfectly without ever making a mistake. Once you have a substantial application to write, C makes it very hard to ensure that it is secure (C++ is even worse). A vulnerability testing application for C must look at the whole system to check because interface decl

Re: [Full-Disclosure] automated vulnerability testing

2003-11-29 Thread Todd Burroughs
> Bill Royds wrote: > > If you are truly interested in security, you won't use C as the > programming > > language. Probably, the language is written in C... Ultimately it's all machine language and we can hide things in "higher level" languages but it comes down to the fact that we end up playin

[Full-Disclosure] automated vulnerability testing

2003-11-29 Thread Choe.Sung Cont. PACAF CSS/SCHP
Bill Royds wrote: > If you are truly interested in security, you won't use C as the programming > language. You must be shitting me.. C does have its inherent flaws but that doesn't mean that there cannot be a secure application written in C. This statement represents FUD at its highest level.

RE: [Full-Disclosure] automated vulnerability testing

2003-11-29 Thread Todd Burroughs
> Most of these are situations similar to the halting problem on a Turing > machine so you are unlikely to get an error free checker. But if your > checker complains about all the possible security holes, it will complain > about nearly every construct used within C programs. I'm auditing one o