For example, taken from his posting:
"If the title promises the
latesttactics, why waste time on ancient history? When promising
details, why only scratch the surface and throw out a few buzzwords? This was probably one of the most wasteful hour I've spent in a long time. Heck, I might have enjoyed an HR seminar more than this baloney."
FYI, the context of the above sentence was when he attended a seminar's session conducted by Eugene Kaspersky ( a familiar name for you? yes, this guy writes anti virus). So, as you can see, Mr. Drepper highly criticized the "mismatch" between the session's title and the actual materials. All I can say, Mr. Drepper is very hard-to-pleased :) And he called this session was a baloney...oh my! :)
How about this?
"There are two ways I can interpret Steve's comments:
- On Windows, because it is such a soft target, attackers didn't have to bother with more sophisticated attacks and they really didn't happen. In this situation the attackers will simply adapt and use the attack vectors I described above.
- Steve doesn't know what he's talking about and he's doing his listeners a disservice by suggesting they are almost completely safe just because they enable NX.
More interesting right? Oh before I forgot, you can read them all from Ulrich Drepper journal. Ok back, Mr Drepper "clearly and honestly" told us that this Steve G had no adequate idea on how NX bit really works, what it can prevent and what it can't. And certainly, a return-to-libc is simple enough to defeat this if you found a buffer overflow case.
All in all, I found Mr Drepper as highly technical but also a quite verbose thinker kind of man. Absolutely no holding back when speaking his mind. Some people (including me) do like this style, but the rest are not. Personally, via this blog, I suggest to Mr. Drepper to calm down a bit and find better wording to criticize those morons. OK, now I am really rude :))
yours truly,
Mulyadi Santosa
No comments:
Post a Comment