I've been getting a few questions about the recent "PortSmash" vulnerability announcement. Short answer: This is not something you need to worry about. If your code is vulnerable to it, you were already vulnerable to other (easier) attacks.
-
-
http://www0.cs.ucl.ac.uk/staff/b.cook/VSSTE18_sidetrail.pdf … can catch the LuckyMinus20 regression, we actually used it as a target case. It needs more than the secret modifier, it also needs to know the entry and exit points, but since the logic error is data-dependent, it can catch it too.
- 3 more replies
New conversation -
-
-
We’ll have the long version of this paper out soon! (w user studies, ports, etc.)
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.