[PLUG-TALK] Exploitable Bug in a Programming Language?

Michael Rasmussen michael at jamhome.us
Tue May 31 19:03:04 UTC 2016


On Tue, May 31, 2016 at 11:54:23AM -0700, Rich Shepard wrote:
>    In today's post on krebsonsecurity.com, Brian discusses the availability
> for sale (for $90,000) of a Windows 0-day bug effective on all versions from
> win2000 through win10. In this post he writes,
> 
> 'So-called “zero-day” vulnerabilities are flaws in software and hardware
> that even the makers of the product in question do not know about. Zero-days
> can be used by attackers to remotely and completely compromise a target —
> such as with a zero-day vulnerability in a browser plugin component like
> Adobe Flash or Oracle’s Java.'
> 
>    My question is how a programming language could have an exploitable flaw?
> Not applications written in that language, but the language or its compiler
> itself, and not be known by developers writing code in that language.
> 
> Curious mind wants to know,
 
Sing it with her:  https://www.youtube.com/watch?v=8IkNDzvCswU

Languages are used to express the intent of the programmer/speaker.
It's not the language, it's the programming expression of the writer(s).
The more complex the expression/program the greater potential for unintended,
unforeseen, unimagined, actions when unanticipated conditions occur.

How can someone who has used computers for decades be unfamiliar with the 
concept of a bug? Zero-day exploits are bugs exploited.


-- 
      Michael Rasmussen, Portland Oregon  
    Be Appropriate && Follow Your Curiosity
Read enough of the top-10 lists that American movie critics put together
and you might wonder whether a single damn film worth watching came out
before the first of October.
    ~ Andrew O'Hehir


