Rev as server immune to buffer overflow?

MisterX b.xavier at internet.lu
Fri Apr 22 13:35:08 EDT 2005


regarding the comment about Tuv's RSA stack example, mail from Klaus if I
remember right (no offense included at all!), is that knowledge of RSA
technology may help decipher Tuv's work. I'm sure he'll be honored!

Unless Tuv is the kind of programmer that uses girl's names for variables,
it shouldn't be a problem to understand... (unless stack scripts are locked
;)

But what I mean is that we can all read RSA code to a degree if we know what
RSA is about...  

Right Tuv ?

RSA is cool, in use by many banks for transactions but kind of obsolete
given quantum ciphers or computers.

Nonetheless, like satellite or any secured channel transmission, the crypto
technology is less interesting than the implementation that really makes it
secure - no middleman or brute force attacks allowed for example...

cheers
Xav

> -----Original Message-----
> From: use-revolution-bounces at lists.runrev.com 
> [mailto:use-revolution-bounces at lists.runrev.com] On Behalf Of MisterX
> Sent: Friday, April 22, 2005 19:13
> To: 'How to use Revolution'
> Subject: RE: Rev as server immune to buffer overflow?
> 
> Richard,
> 
> I'm glad you asked this but I didn't want to scare the community... ;)
> 
> Buffer overflows only affect CPU register handling. Macs have
> data and execution (scripts ;) registers in their CPUs while
> PCs have a mixed register where the malicious calls can be
> "faked"... Data becomes "script" and voila
> - compromised! Macs are immune more or less. And I guess PC
> makers are trying to fix that too...
> 
> I wouldn't be concerned with them as much as securing a 
> transaction protocol before doing any net negotiation... Or 
> making a secure registration protocol for securing your 
> software. Etc, etc...
> 
> Beware there's a zillion more security holes worse than
> those. I know a lot in Rev but hell I'm gonna tell ya! Just
> today, we just got some free tickets to a race in zolder.be
> through a stupid web-form where you could add your name to
> print the ticket in the url ;)) Just an example...
> 
> So, regarding a past mail against Tuv's RSA examples, the
> best security is through education, nothing more. I have a
> PC, web server, MySQL, and I've been able to plug in each
> hole and rarely, rarely get a virus (2 in 4 years without
> damage) - spyware took me by surprise once... and that will
> go even through Chipp's ieexplorer plugin - left by default
> open by the software maker again? OK, I didn't know it, it's
> patched now... No big deal. But thanks to backups and
> "reasonable" usage, there's no danger!!! If you want real
> security buy it or learn it... Only took 20 rules to rule out
> most of my spam! Things like that just take the user's
> ingenuity, nothing more...
> 
> there's no substitute for education
> 
> Xav
> http://monsieurx.com
> 
> > -----Original Message-----
> > From: use-revolution-bounces at lists.runrev.com
> > [mailto:use-revolution-bounces at lists.runrev.com] On Behalf Of Richard Gaskin
> > Sent: Friday, April 22, 2005 18:36
> > To: How to use Revolution
> > Subject: Rev as server immune to buffer overflow?
> > 
> > I vaguely recall someone quoting Scott Raney as saying that buffer 
> > overflow issues aren't a concern when building any socket apps with 
> > the engine.
> > 
> > Do I recall correctly?  Any of you have more background on that?
> > 
> > --
> >   Richard Gaskin
> >   Fourth World Media Corporation
> >   __________________________________________________
> >   Rev tools and more: http://www.fourthworld.com/rev 
> > _______________________________________________
> > use-revolution mailing list
> > use-revolution at lists.runrev.com
> > http://lists.runrev.com/mailman/listinfo/use-revolution
> > 
> 
> 


