Finally starting a blog

re: Finally starting a blog

jackjeff — Fri, 13 Apr 2007 14:27:41 GMT

So it's not a security issue alright....

But it's still a bug. The normal behavior of Word would be to tell the user "your document is malformed and I can't open it" instead of lamely crashing.

[dcl] Yup, bad programmer, no biscuit. If it crashes, it's a bug, bad user experience, not what I like to see shipping. But not all bugs, or all crashes are exploits.

I can understand that fixing that types of bugs was not really a priority for a company which was some yrs late to deliver its main product: an updated version of the OS.

[dcl] The programmers who shipped Vista work in Windows, which is a whole different division than the one that ships Word (pretty much on time, thankyouverymuch). If it had been a _known_ bug, it would have been fixed, and now that it is a _known_ bug, it will be fixed. Bugs don't have to be exploitable to merit getting fixed. Crashes are bad, ok..

“Now With More Crashes!” at Imperium Zorloci

“Now With More Crashes!” at Imperium Zorloci — Fri, 13 Apr 2007 22:16:48 GMT

PingBack from http://blogs.imperium.org/zorloc/archives/201

re: Finally starting a blog

Felix von Leitner — Fri, 13 Apr 2007 22:31:55 GMT

I disagree. Saying you can either crash or get owned is a false dilemma.

Crashing instead of getting owned does not help the customer, because he can still lose his data. He won't get a worm (unless you missed some other wormable issue), but still, that's just reducing the severity from "critical" to "moderate". It's still a bug. The customer still wants it fixed. The only one who has an actual advantage of this is you, because you only have to answer for a DoS, not a worm.

[snip]

[dcl]

Customer doesn't lose any data. You double-click on the bad file, it didn't have any data you wanted. Any files you had open you did want get caught with auto-save or doc recovery. That's what makes it a nuisance, not a vuln.

Some of the rest of what you said, I'm agreeing with - crashing is bad, ok. Crashing is still better than running arbitrary code. A lot of the rest of the discussion is around the engineering aspects of understanding and recovering from the flaw, which is a longer topic than I'm going to get into today.

re: Finally starting a blog

Matt Boersma — Fri, 13 Apr 2007 23:05:22 GMT

"If you blew up my app, and I just don't load that document again, big deal."

When BeOS first hit the streets, we loved it. It was the first multi-CPU box many of us had gotten to play with.

BeOS had (has?) a performance monitor app with one load meter per CPU, and a checkbox beneath. By clicking the checkbox, you could shut off one of the two CPUs to see the effect on the system load.

And...you could shut off the other CPU, too. Clicking both checkboxes halted the machine.

Perfectly logical, to a programmer.

Ridiculously hostile, to a user.

No one uses BeOS any more.

Una interessante teoria di Microsoft

Around and About .NET World — Mon, 16 Apr 2007 11:46:52 GMT

Checking Allocations & Potential for Int Mayhem

David LeBlanc's Web Log — Thu, 17 Apr 2008 00:37:36 GMT

Must be synchronicity. I started out the day with a really interesting mail from Chris Wysopal talking