[Cryptography] Questions of taste on UDF presentation

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Feb 19 11:26:23 EST 2019


Phillip Hallam-Baker <phill at hallambaker.com> writes:

>Stop using C/C++, use Java, C# or any modern language that has array bounds
>checking built in and 99% of the current attack vectors are shut immediately.

s/current attack vectors are shut immediately/
  C-specific attack vectors change to Java-specific attack vectors immediately/

Switching from $language_1 to $language_2 just means that all the attacks
specific to language_1 are swapped for ones from language_2.  A few years ago
(not sure what the current stats are but I assume it hasn't changed that much)
Java was the second-biggest source of 0day after Flash, which I'm not sure
it's actually possible to beat in terms of security vulns... well, WordPress
perhaps.  In particular, a lot of the Java vulns are in the JVM and similar,
which is an attack vector that doesn't even exist in C.

Peter.

​


More information about the cryptography mailing list