[PLUG] First JPEG virus is out there

Steve Bonds 1s7k8uhcd001 at sneakemail.com
Wed Sep 29 14:50:02 UTC 2004


Russell Senior wrote:

> The guy who gave last month's AT talk (I am too lazy to look up his
> name) said something implying that non-executable stack (or was it
> pages or something) didn't "work" or that they were a panacea or
> something.  Sorry I didn't grasp all the details.  I wonder what he
> meant.

Like most elements of security, these are not a cure-all.  For
specific examples of how to defeat them, refer to Phrack 56:

http://www.phrack.org/phrack/56/p56-0x05

They can help quite a bit in making buffer overflows harder to
exploit, so they're still useful.  The problem is they're marketed as
a complete solution, when they're not.

  -- Steve




More information about the PLUG mailing list