abarbarian Posted June 28, 2014

http://www.theregister.co.uk/2014/06/27/curosity_rover_brings_human_bugs_to_mars/

The most serious impact will fall on popular media platforms FFmpeg and Libav and many beloved dependent projects such as VLC Media Player and Handbrake. Users of all should consider themselves open to RCE until patched. These unpatched and affected users could be compromised when playing movies or audio from malicious sites.

And I thought we were in danger from aliens from Mars

securitybreach Posted June 28, 2014

The source post is very interesting and actually talks about the bug instead of just using almost "scare tactics". I am glad that they found it but the article is a bit over the top. It is a 20-year-old bug which means it has been a vulnerability for a long time. If anything, it is great that it has been found as it will get patched. The bad part is that now governments and crackers know about the bug so it just gives them another way into systems until the patch has been applied.

Here is the source article from the guy who found the bug: http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html

Guest LilBambi Posted June 28, 2014

I just wonder if the algorithm had an intentional bug...

securitybreach Posted June 28, 2014

I was thinking the same Fran....

abarbarian Posted June 29, 2014

The source post is very interesting and actually talks about the bug instead of just using almost "scare tactics". I am glad that they found it but the article is a bit over the top. It is a 20-year-old bug which means it has been a vulnerability for a long time. If anything, it is great that it has been found as it will get patched. The bad part is that now governments and crackers know about the bug so it just gives them another way into systems until the patch has been applied. Here is the source article from the guy who found the bug: http://blog.security...d-bug-that.html

Excellent article Josh, I liked these two points,

Often the best eyes are fresh or untrained eyes. The more we stop telling ourselves to step over the gaps in our code bases, the more holes we'll be able to fill. All it takes is one set of eyes to find a vulnerability, there is no level of expertise required to look and ask questions. Just look. Maybe you'll find the next 20 year old vulnerability.

Hand crafted with the finest bits and bytes, our Sympathy Card shows your engineer what they mean to you and your team. This is a limited run of cards, and will proudly display the Linux kernel LZO exploit written by Lab Mouse on the card.