From: Jolly Roger on
In article <mh197804-07DB49.23052923042008(a)news.verizon.net>,
Matt <mh197804(a)gmail.com.invalid> wrote:

> I don't quite understand your comment; why would you expect a system
> that "supposedly has no security issues" to pay no attention to
> security? If you go to a bank that advertises it has never had a
> robbery, would you be surprised to see cameras, guards, and a big vault?
> Perhaps there is a causal link that hasn't occurred to you?

You are responding to a troll, which is exactly what the troll wants.

--
Please send all responses to the relevant news group. E-mail sent to
this address may be devoured by my very hungry SPAM filter. I do not
read posts from Google Groups. Use a real news reader if you want me to
see your posts.

JR
From: Alec McKenzie on
Michelle Steiner <michelle(a)michelle.org> wrote:

> About the OS component called QuickTime.

> Apple did more than merely patch a few (okay, 11) vulnerabilities with
> the recent release of QuickTime 7.4.5. According to a report from eWeek
> this update also included a series of improvements, for both Mac OS X
> and Windows Vista, designed to improve QuickTime's fundamental security
> by making vulnerabilities harder for attackers to exploit. To understand
> why these are so significant we need to take a moment to review a little
> bit about how bad guys attack computers, and why QuickTime is
> particularly difficult to secure.
>

> [snip...]

> The main body of the QuickTime version that runs in your Web browser is
> programmed in Java, which is a high-level language. A low-level
> language, like C, requires programmers to manipulate memory and the CPU
> almost directly.


This is quite wrong. C is a high-level language that does not
require programmers to manipulate memory and the CPU almost directly.
Such requirements arise only when writing at a truly low level, such
as assembler language or machine code.

Getting things so badly wrong shows such a lack of understanding of
what is involved as to raise serious doubts about the accuracy of
the rest of the article.

--
Alec McKenzie
alecusenet@<surname>.me.uk
From: billy on
Alec McKenzie <alecusenet(a)my-surname.me.uk> writes:

> Getting things so badly wrong shows such a lack of understanding of
> what is involved as to raise serious doubts about the accuracy of
> the rest of the article.

If it's correct about the use of Java - well, that raises some serious
doubts about the people writing QT, too....

Billy Y..
From: JF Mezei on
VMS solved the buffer overflow problem decades ago.

Executable code is loaded into pages of memory that are write protected.
So if there is a buffer overflow and the program unknowingly attempts to
write into/over executable code area, the program will crash with a
memory exception error. If you branch to an area of memory not declared
executable, you get a memory exception as well.

You need to use special system services to dynamically declare an area
of data memory as executable (for instance, if your program were to
dynamically build assembler code into a block of memory and decide to
branch to it, it would need to declare that page of memory as executable
before branching to it).
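
[Added example, not part of any post in this thread: the page-protection behaviour described in the post above, shown with the POSIX calls mmap and mprotect as an assumed analogue rather than VMS system services. The names can_write and wx_check are hypothetical; the check confirms that a data page accepts writes, that the program's own code page rejects them, and that a page declared executable stops accepting writes.]

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* for MAP_ANONYMOUS under strict -std modes */
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_env;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_env, 1); }

/* Returns 1 if one byte at p can be written, 0 if the write raises a
 * memory-protection fault (SIGSEGV, or SIGBUS on some systems). */
int can_write(void *p) {
    struct sigaction sa, old_segv, old_bus;
    volatile int ok = 0;
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = 0;
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);
    if (sigsetjmp(fault_env, 1) == 0) {   /* fault handler jumps back here */
        volatile unsigned char *b = p;
        *b = *b;                          /* rewrite the byte with its own value */
        ok = 1;
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return ok;
}

/* Bit 0: a fresh data page is writable. Bit 1: this program's code page
 * rejects writes. Bit 2: the data page rejects writes once it has been
 * declared executable. Returns -1 if the mapping calls fail. */
int wx_check(void) {
    long sz = sysconf(_SC_PAGESIZE);
    unsigned char *page = mmap(NULL, (size_t)sz, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    int r = 0;
    if (page == MAP_FAILED) return -1;
    if (can_write(page)) r |= 1;
    if (!can_write((void *)(uintptr_t)wx_check)) r |= 2;
    if (mprotect(page, (size_t)sz, PROT_READ | PROT_EXEC) != 0) { munmap(page, (size_t)sz); return -1; }
    if (!can_write(page)) r |= 4;
    munmap(page, (size_t)sz);
    return r;
}

int main(void) { printf("wx_check = %d (7 means all three hold)\n", wx_check()); return 0; }
```
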
From: Matt on
In article <jollyroger-12DADA.22512023042008(a)news.individual.net>,
Jolly Roger <jollyroger(a)pobox.com> wrote:

> In article <mh197804-07DB49.23052923042008(a)news.verizon.net>,
> Matt <mh197804(a)gmail.com.invalid> wrote:
>
> > I don't quite understand your comment; why would you expect a system
> > that "supposedly has no security issues" to pay no attention to
> > security? If you go to a bank that advertises it has never had a
> > robbery, would you be surprised to see cameras, guards, and a big vault?
> > Perhaps there is a causal link that hasn't occurred to you?
>
> You are responding to a troll, which is exactly what the troll wants.

Sorry, I haven't been on USENET in a while!

--
Matt
Remove 'invalid' from address before emailing