Star This New Vulnerability: Dowd's Inhuman Flash Exploit
Linked by David Adams on Wed 16th Apr 2008 15:58 UTC, submitted by supergear
Privacy, Security, Encryption IBM researcher Mark Dowd has outlined a Flash vulnerability that could allow for a rare cross-platform web-based exploit. Matasano Chargen uses a Super Mario metaphor, an example we can all relate to, to illuminate it.
E-mail Print r 4   21 Comment(s) http://osne.ws/f5j
Thread beginning with comment 309913
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: Karma..
by PLan on Wed 16th Apr 2008 17:43 UTC in reply to "RE: Karma.."
PLan
Member since:
2006-01-10

>How are such exploits unique to proprietary software?

Well they're not really, but (I can't really believe I'm going to quote Eric S. Raymond) -

"given enough eyeballs, all bugs are shallow"

Reply Parent Bookmark Score: 2

RE[3]: Karma..
by sbergman27 on Wed 16th Apr 2008 18:23 in reply to "RE[2]: Karma.."
sbergman27 Member since:
2005-07-24

"given enough eyeballs, all bugs are shallow"

The premise of that claim: "Given enough eyeballs", is often taken as a given. Everyone who has done a security audit of Gnash, please raise your hand.

I'm a strong advocate of open source. But I would be remiss not to state that eyeballs per line of code can be quite variable.

Reply Parent Bookmark Score: 3

RE[3]: Karma..
by WorknMan on Wed 16th Apr 2008 20:25 in reply to "RE[2]: Karma.."
WorknMan Member since:
2005-11-13

"given enough eyeballs, all bugs are shallow"


You just hope that whichever pair of eyeballs discovers the hole first belongs to one of the good guys.

Reply Parent Bookmark Score: 4