moin moin,
during Aaron's presentation last night we discussed how a static video or
image file could be used to infect a computer.
Here's a group that used a DNA sequence to exploit a buffer overflow in an
application that searches DNA sequences.
In this case they cheated, by adding the vulnerability, but it
demonstrates what we were discussing at the meeting last night.
----
“The conversion from ASCII As, Ts, Gs, and Cs into a stream of bits is
done in a fixed-size buffer that assumes a reasonable maximum read
length,” explained co-author Karl Koscher in response to my requests for
more technical information.
That makes it ripe for a basic buffer overflow attack in which programs
execute arbitrary code because it falls outside expected parameters. (They
cheated a little by introducing a particular vulnerability into the
software themselves, but they also point out that similar ones are present
elsewhere, just not as conveniently for purposes of demonstration.)
----
https://techcrunch.com/2017/08/09/malicious-code-written-into-dna-infects-the-computer-that-reads-it/#
ciao,
der.hans
--
#
https://www.LuftHans.com https://www.PhxLinux.org
# You can't handle the source! - der.hans---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
(text/plain)