var imgWindow = ""; function openPopup(img, width, height) { if (img && width && height) { width = Math.min(width + 36, 640); height = Math.min(height + 30, 480); if (imgWindow.location && !imgWindow.closed) imgWindow.close(); imgWindow = window.open(img, "imgWindow" + width + height, "toolbar=no,location=no,directories=no,status=no,scrollbars=yes,resizable=yes,width=" + width + ",height=" + height); // imgWindow.focus(); } }
It's a shampoo world anyway
 
Mittwoch, 19. September 2007


Why I do not like taint tracking


While I was giving a talk yesterday on our dynamic and language based approaches concerning the avoidance of code injection vulnerabilities at Laboratory for Dependable Distributed System at the University of Mannheim, I came up with a nice description, why I dislike dynamic taint tracking:

Preventing code injection exploits using dynamic taint tracking is like letting a thief in your house and checking his bag for stolen goods at the very moment he tries to leave. It might work, but only if you never lose track of the gangster and if you really know your house. However, I would prefer a solution that does not let thieves in my house in the first place.

(Nonetheless, I think taint tracking obviously has a valid place in the defender's arsenal)


 
online for 5715 Days
last updated: 09.04.14 16:14
status
Youre not logged in ... Login
menu
... home
... topics

... antville home

Juni 2017
MoDiMiDoFrSaSo
1234
567891011
12131415161718
19202122232425
2627282930
Juni
about:
the shampoo world is
the personal weblog of Martin Johns.
recent

xml version of this page

Made with Antville
powered by
Helma Object Publisher




...welcome to the long tail...