Security Basics mailing list archives
Re: FAX a virus
From: "Shreyas Zare" <shreyas () technitium com>
Date: Wed, 7 Mar 2007 13:28:18 +0530
Hi, I don't think not freeing memory will cause any problem. When your program terminates, the OS will do the cleanup job automatically and all the memory used by the program will be freed. Its FUD nothing else. Regards, On 3/3/07, Craig Wright <cwright () bdosyd com au> wrote:
Hello,
Attached is a small piece of code designed to write memory without freeing that memory - a situation that will
eventually cause a memory overrun and crash as I am not freeing the buffer.
int main(int argc, char **argv)
{ char * MemorytLeak = new char[32];
MemorytLeak [0] = 'B';
printf("%cn", MemorytLeak [0]);
}
You have recieved this as an email. It may be in text form or processed. I can however state that not a single person
receiving this e-mail will resultantly have a system crash due to receiving this code. If I was to write it into a
script and send the e-mail as HTML, I could still say the same.
Writing text in itself is not an attack. To make this into an attack, I have to do more than just sending it. Stating
that it is possible to inject script is not a function of a fax or an OCR engine. I could categorically compile or
otherwise run all code and script received a fax machine. I could meticulously ensure that no errors occurred and that
the code was correct load it into some application that will run it and state that I have been attacked.
This however is not an attack through fax or OCR for that matter. In the above-mentioned situation the attack occurs
not because I have received code, but rather as I have decided to run code or script on my system.
Regards,
Craig
PS
I reiterate, F.U.D.
-- (This e-mail was composed and sent completely using recycled electrons) Shreyas Zare Co-Founder, Technitium eMail: shreyas () technitium com ..::< The Technitium Team >::.. Visit us at www.technitium.com Contact us at theteam () technitium com Technitium Personal Computers We belive in quality. Visit http://pc.technitium.com for details.
Current thread:
- FAX a virus Alcides (Mar 01)
- RE: FAX a virus Scott Ramsdell (Mar 02)
- Re: FAX a virus Robert Wesley McGrew (Mar 02)
- RE: FAX a virus Craig Wright (Mar 06)
- Re: FAX a virus Shreyas Zare (Mar 07)
- Message not available
- FAX a virus - Rhetorical and logical Fallacies Craig Wright (Mar 07)
- RE: FAX a virus - Rhetorical and logical Fallacies Steven Hess (Mar 07)
- Re: FAX a virus Robert Wesley McGrew (Mar 02)
- RE: FAX a virus Scott Ramsdell (Mar 02)
- <Possible follow-ups>
- Re: FAX a virus anonymous (Mar 02)
- RE: FAX a virus Craig Wright (Mar 06)
- RE: FAX a virus Nick Duda (Mar 06)
- RE: FAX a virus- a PS Craig Wright (Mar 06)
- RE: FAX a virus Craig Wright (Mar 06)
- RE: FAX a virus Craig Wright (Mar 02)
- RE: FAX a virus Craig Wright (Mar 06)
- FUD, risk and videotape... Craig Wright (Mar 06)