[Cryptography] "NSA-linked Cisco exploit poses bigger threat than previously thought"
Jerry Leichter
leichter at lrw.com
Tue Aug 23 16:45:05 EDT 2016
We haven't had any discussion of the recent leak of NSA hacking tools. The PIX firewall attacker can actually attack even current versions of ASA, PIX's replacement. In fact, there is apparently still no actual patch for the vulnerability:
http://arstechnica.com/security/2016/08/nsa-linked-cisco-exploit-poses-bigger-threat-than-previously-thought/
Buffer overflows. How are we *still* fighting buffer overflows? Why haven't we developed and standardized, not just improved string libraries, but generic internally-length-checked libraries for the basic problems that programmers keep solving incorrectly?
-- Jerry
More information about the cryptography
mailing list