[PLUG] First JPEG virus is out there
Steve Bonds
1s7k8uhcd001 at sneakemail.com
Wed Sep 29 14:50:02 UTC 2004
Russell Senior wrote:
> The guy who gave last month's AT talk (I am too lazy to look up his
> name) said something implying that non-executable stack (or was it
> pages or something) didn't "work" or that they were a panacea or
> something. Sorry I didn't grasp all the details. I wonder what he
> meant.
Like most elements of security, these are not a cure-all. For
specific examples of how to defeat them, refer to Phrack 56:
http://www.phrack.org/phrack/56/p56-0x05
They can help quite a bit in making buffer overflows harder to
exploit, so they're still useful. The problem is they're marketed as
a complete solution, when they're not.
-- Steve
More information about the PLUG
mailing list