This page contains all of the posts and discussion on MemeStreams referencing the following web page: a bountiful supply.
a bountiful supply by noteworthy at 9:45 am EST, Nov 1, 2015
Paul F. Roberts: New functionality means new code, and new code invariably means vulnerabilities, explains Mark Litchfield. But, just as often, it is legacy code that is often rife with exploitable holes. And for researchers working on bounty programs, holes mean money.
Anders Fogh: Seaborn and Dullien (2015) forcefully illustrated that what is normally a reliability issue can become a security issue very fast.
Eduard Kovacs: CyberX says it has used an "innovative technique" to identify and exploit the vulnerabilities in MicroLogix PLCs. Researchers developed a piece of firmware that uses a special algorithm for searching the firmware code and mapping potentially vulnerable functions. The firmware is uploaded to a test device by bypassing a security mechanism for firmware validation, allowing experts to easily develop working exploits that can later be used against equipment that hasn't been tampered with.