Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.falconk.rocks/users/falcon/statuses/111969135855603814">Falcon Darkstar (falcon@mastodon.falconk.rocks)'s status on Wednesday, 21-Feb-2024 20:04:18 JST</a><a href="https://mastodon.falconk.rocks/@falcon" title="falcon@mastodon.falconk.rocks"><img src="https://gnusocial.jp/avatar/100448-48-20230220163037.webp" width="48" height="48" alt="Falcon Darkstar" style="position: absolute; left: 0; top: 0;">Falcon Darkstar</a><div><a href="https://mastodon.falconk.rocks/@falcon/111969116306205893" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/218542" title="andreasdotorg@infosec.exchange">andreasdotorg</a></li></ul></div></section><article><p><a href="https://infosec.exchange/@andreasdotorg">@andreasdotorg</a> <a href="https://queer.hacktivis.me/users/lanodan">@lanodan</a> <a href="https://social.treehouse.systems/@ariadne">@ariadne</a> All I'm really saying here is, the memory corruption RCE vulns tend to be in things that are heinously complex and hard to implement correctly (or even define correctness for), and meanwhile my professional experience and that of my colleagues is dominated by things like logic bugs in managed code that just give up all the sensitive data for fun, and nobody keeps track of those bugs, and I see no work on systematic mitigations for them.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2743630#notice-5440704">In conversation</a><time datetime="2024-02-21T20:04:18+09:00" title="Wednesday, 21-Feb-2024 20:04:18 JST">about 9 months ago</time> <span>from <span><a href="https://mastodon.falconk.rocks/@falcon/111969135855603814" rel="external" title="Sent from mastodon.falconk.rocks via ActivityPub">mastodon.falconk.rocks</a></span></span><a href="https://mastodon.falconk.rocks/@falcon/111969135855603814">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Falcon Darkstar (falcon@mastodon.falconk.rocks)'s status on Wednesday, 21-Feb-2024 20:04:18 JSTFalcon Darkstar
in reply to
- Haelwenn /элвэн/ :triskell:
- andreasdotorg
@andreasdotorg @lanodan @ariadne All I'm really saying here is, the memory corruption RCE vulns tend to be in things that are heinously complex and hard to implement correctly (or even define correctness for), and meanwhile my professional experience and that of my colleagues is dominated by things like logic bugs in managed code that just give up all the sensitive data for fun, and nobody keeps track of those bugs, and I see no work on systematic mitigations for them.
In conversationabout 9 months ago from mastodon.falconk.rockspermalink

Public

Embed Notice

HTML Code

Corresponding Notice