Cart
[Home] [By Thread] [By Date] [Recent Entries]
On Wed, 2016-07-20 at 15:16 -0400, Simon St.Laurent wrote: > Well, no, probably they shouldn't have, but this mention of ASN.1 and > a potentially major security flaw reminded me of long-ago > conversations here about the value or lack thereof of (relatively > generic) binary formats. > > http://arstechnica.com/security/2016/07/software-flaw-puts-mobile-pho > nes-and-networks-at-risk-of-complete-takeover/ I don't think we can promise that EXI implementations are more secure than ASN.1 implementations. But maybe you saw one of the talks given at Usenix where the researchers unlock a car remotely using a cellphone, then make it start the engine. The vulnerability they used (as I recall) involved buffer overruns in Web services implementations. Liam -- Liam R. E. Quin <liam@w...> The World Wide Web Consortium (W3C)
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] |
