Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Comment I have an exploit that fits in a tweet, too... (Score 1) 129 129

A lot of security exploits could fit within a tweet, but I've never seen that comparison before. It misleads people into thinking that you can pwn a Mac via Twitter.

My exploit to load unsigned drivers on Windows 8, 8.1 and 10 even with Secure Boot enabled fits in the length of a tweet. I'll release it whenever WinPhone 10 comes out, probably.

Comment Re:Pakistan has nukes (Score 4, Insightful) 383 383

If "third world" Pakistan can control itself while wielding nuclear weapons, I'm sure Iran can as well. The inescapable fact of the matter is this: The United States does not "militarily" mess with nation possessing nuclear weapons. This fact alone makes the weapons highly desirable.

Didn't stop us from covertly assassinating a high-valued target with a special-ops team.

Comment Re:Hasn't worked since at least 2008. (Score 1) 40 40

-ftrapv hasn't worked since at least 2008.

...but you're right, the logical thing to do would be to just check for this shit at runtime. Do you want fast code or do you want secure code? I can buy a faster computer, but I can't buy a more secure one.

clang -fsanitize=undefined, since signed integer overflow is formally undefined.

Comment Operation Downfall (Score 1) 341 341

The number killed was very approximately 100,000. It is plain that not even the majority could possibly have been military personnel.

Clearly. However, the most important thing is to compare the Bombs to the estimated casualties of Operation Downfall--a hell of a lot more Japanese people would have been killed by the Allied invasion.

Comment This happens every so often. (Score 5, Interesting) 74 74

As another example, in January 2013, I discovered a cheat code in the SNES RPG Breath of Fire 1 that allows you to create a save file at a few key locations in the story. This cheat code sat hidden for about 20 years, and it wasn't until I came along and reverse engineered the game that it showed up.

Link to it: click me. Sorry for the quality; it is a really difficult thing to record when your only recording device is an iPad and there was nobody home at the time. Not to mention how hard it is to do that controller sequence and record with only two hands.

Comment Common? (Score 1) 323 323

The point is that claiming "things are worse than ever" is pretty silly in a country where it used to be common for people to own slaves.

Except that it was never common to own slaves. Slave ownership was primarily among Southern aristocrats--your average white Southerner wasn't rich enough to afford one.

Still laughed, though. <3

Comment Signed integer overflow being defined. (Score 1) 427 427

Screw ancient architectures and minor compiler optimizations. I'd rather have my binary math work like all of us were taught in discrete math classes. Not to mention not have my machine pwned by the mob because a programmer didn't realize that their security check was removed for being undefined behavior.

Comment Signed integer overflow and security holes (Score 1) 427 427

Signed integer overflow is undefined. That is, in C++, overflowing a signed integer is considered to be equally bad as dividing by zero. Combined with modern compilers, this is resulting in exploitable security bugs in many programs.

Programmers have been taught for decades about two's-complement integer arithmetic and how it overflows. As a result, many of us who don't know about signed integer overflowing being undefined are making "mistakes" like assuming that it wraps as we were taught.

The reason that C++ considers signed integer overflow to be undefined is because of non-two's-complement machines. Such machines pretty much don't exist anymore. Why does C++ insist upon keeping such requirements around, when it is wreaking security havoc on everyone else?

Do not underestimate the value of print statements for debugging.

Working...