| |||||||||||||
JITter Bug (Linux Journal)JITter Bug (Linux Journal)Posted Jul 17, 2009 2:30 UTC (Fri) by njs (guest, #40338)In reply to: JITter Bug (Linux Journal) by JoeF Parent article: JITter Bug (Linux Journal)
> the exploit was just one of their test cases.
That's a little misleading... their test case was a *crash*, not an exploit; someone used it as a starting point for writing the exploit itself. From reading the history, they probably should have realized that this particular crash might be exploitable about a week ago, but apparently the particular engineer dealing with it was insufficiently paranoid to notice. (As for "going to work on it later", they did have a patch before there was an exploit; the exploit came out while it was going through the review/revision process.)
Great anecdote for future talks on security and disclosure, and I hope they tune their policies better. (I will bet, though, that this engineer won't make that mistake again! Man, I'm glad my errors don't generate news articles.)
(Log in to post comments)
JITter Bug (Linux Journal) Posted Jul 17, 2009 3:56 UTC (Fri) by roc (subscriber, #30627) [Link]
It's actually great when your errors generate news articles. OK it sucks in many ways, but at least it means your work is having impact.
JITter Bug (Linux Journal) Posted Jul 17, 2009 6:29 UTC (Fri) by nix (subscriber, #2304) [Link]
It means your code is being used, but is probably undetectably
infrastructural until you make a tiny error and generate news articles.
|
|||||||||||||