I'm glad I wasn't the only one thinking this.
-
I definitely made a comment “bushing would be proud” somewhere
-
Read the whitepaper. strncmp.
-
The length is attacker-supplied and controlled. It's a tweet, not a reference manual. strlen(good) gets the message across.
-
memcmp was a first guess by https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability … but they didn't actually read the code (and it doesn't make a difference here).
-
So, can we call this one the surströmming bug?
-
This is fuckin' insane.
-
Did anyone check that it's not memcmp (imho more likely)? Because then there would also be a remote mem disclosure.
-
It's strncmp, see linked article. Assuming they did not misname the function.
-
I thought I'd never see the day... an industry leader had worse security than the Wii.