DJB Announces 44 Security Holes In *nix Software
generationxyu writes "D. J. Bernstein, better known as DJB, has announced the discovery of 44 security holes that were found by students in his course MCS 494: Unix Security Holes this fall at the University of Illinois at Chicago. Vulnerable programs of note include: CUPS, NASM, mpg123, MPlayer, xine-lib, and numerous others. Copies of the notification emails are here. The homework for the course was to find and exploit 10 previously undiscovered security holes in currently deployed Unix software. In a class of 25, 44 security holes seems a bit low. Most of the class failed. I was credited with bsb2ppm (actually libbsb) and jpegtoavi. After 300 hours of work and an A average on the exams, I expect to fail the course."
All you need is one more hole... (Score:5, Funny)
All you need to do is find one more hole, this one in the campus records department, and exploit it for improving your grade. If you have an "A" average otherwise, another "A" will look right in place. It's the "D" average people suddenly getting "A"s and "B"s that draw suspicion.
and the moral is: (Score:3, Funny)
but we've all learned a valuable lesson: don't take a class taught by DJB
How to pass this class (females only) (Score:1, Funny)
Hmm... (Score:4, Funny)
Where's the gumpf? (Score:5, Funny)
[ Part 2, Text/PLAIN (charset: unknown-8bit) 95 lines. ]
[ Unable to print this part. ]
But you have already found 10 bugs!!! (Score:5, Funny)
Why take for granted that the number of bugs to be found was expressed in base-10? Why not base-2?
Re:Don't just take this lying down, IMO (Score:5, Funny)
Re:Don't just take this lying down, IMO (Score:3, Funny)
fwiw this was obviously djb trying to get his students to dig up ammo for him to go on another one of his public penis-waving tantrums, acting all smug and high and mighty again (oh lookit me i wrote qmail and its all uber secure, and wooo lookit all the MISERABLE LAMERS WRITING SHIT CODE!!1!!111!)
Re:Most people will pass (Score:4, Funny)
Grading used the 'high tide' method. That is, a better score in one area of the course (exam, project, assignments) could override a poor score in another area. All at the instructor's judgement.
One student I knew got a C+ and discovered that he had roughly the same scores in each area as another student who got an A. That is, guy I knew had a poor exam, but awesome project. Someone else had nearly identical exam scores, and nearly the same (A) project.
So guy-I-knew approached Parnas, and asked why.
"Because I don't like you".
And that was the end of it.
Re:ah, buffer overflows... (Score:5, Funny)
Well, there's the problem!
Re:But you have already found 10 bugs!!! (Score:4, Funny)
10 types of people ... (Score:3, Funny)
"There are only 10 types of people in the world: Those who understand binary, and those who don't"
Re:Misleading Title (Score:3, Funny)
Windows tries pretty hard to keep you from doing so.
only need one exploit (Score:1, Funny)
Re:Agreed, many profs are abusive (Score:3, Funny)
This is false.
We sleep with our students because they're just so damn sexy in their cute little spring wardrobes.
(I'm joking, I'm joking; stop slapping me with that trout already!)
How can you fail with open source?? (Score:3, Funny)
2) Post forks of programs with extra bugs inserted.
3) Profit!
You see - there's a number 2 step, thanks to open source.
Re:Don't just take this lying down, IMO (Score:3, Funny)
For 1 city, you're already done.
For 2 cities, you start in one and go to the other.
For three cities, you find the two cities furthest from each other, travel from one of them to the middle city and then to the far city.
Obviously it's no more complex for (any-value-of-N) cities.
Re:Agreed, many profs are abusive (Score:3, Funny)
The scary thing is, you're a kindergarten teacher!
Duh! (Score:3, Funny)
Re:If the majority of the class failed... (Score:3, Funny)
Re:Don't just take this lying down, IMO (Score:3, Funny)
Wait, too late.
Re:Don't just take this lying down, IMO (Score:4, Funny)
Re:Misleading "Exploits" (Was Re:Misleading Title) (Score:3, Funny)
2 You, apparently without ever looking at it, run that file through something like jpeg2avi or nasm
3 Gasp! You've been 0wned!
Which is precisely how many Win boxes get compromised.
Re:Misleading Title (Score:3, Funny)
Um, because it's what most Windows users spend most of their time with? :-)
Re:Don't just take this lying down, IMO (Score:1, Funny)
Re:Good idea? (Score:4, Funny)
Of course you failed. Obviously, half of you were supposed to rapidly deploy buggy software via sourceforge while the other half "fixed" the problems. Or don't you know more about Dilbert than us professionals? :)
Re:Don't just take this lying down, IMO (Score:3, Funny)
Re:Misleading Title (Score:5, Funny)
No it isn't, you moron!
Re:Good luck with that one.... (Score:2, Funny)
At least the assignment wasn't.... (Score:2, Funny)
Re:I can see it now... (Score:3, Funny)
I wouldn't say that to DJB. He'd probably pull out 20 or 30.
I doubt it - sendmail doesn't count.
Re:Agreed, many profs are abusive (Score:1, Funny)
And you have never seen a female use tears to play on someone's emotions and get their own way?
I was once naive like you.
And I was once bitter like you.
Re:It's just an assignment - Did you even go to un (Score:3, Funny)
No matter how incidentally or inaccurately, I was favorably compared to Niels Bohr.
JUST for future reference (Score:3, Funny)
Not to be an asshole, but it's per se [sacklunch.net]
Re:Good idea? (Score:3, Funny)
Re:Varying levels of seriousness... (Score:3, Funny)
***!!!Error you are using the standard library!!!!***
Switch to the much better Win32 API or we'll tell your boss you are using something portable.