By Brian MillerPosted Monday 21st April 2008 18:37 GMT
This is what is being done on Windows all the time. To combat this, Microsoft has been releasing "obfuscated" patches where a simple "diff" will generate too much information to dig through.
If the hacker is supported by an organization (i.e., he has a budget) then of course he'll get the application, along with updates. The automated tools are applied to create something which will crash the app, which gives the hacker the quick toe-hold he needs to create something to compromise the app. When the app crashes, that means that it has executed something it wasn't supposed to. Then exploit code is written to not crash the app, but compromise it.
Breaching Fort Apache.org - What went wrong?
Snow Leopard security - The good, the bad and the missing
US Dems fill inboxes with 419 scams
BlockMaster SafeStick hardware-encrypted USB drive
Comments on: Shrinking patch windows hit by automated attacks
So what's there to stop some hacker from buying a legal copy of the app... #
By Ishkandar Posted Monday 21st April 2008 14:43 GMT
@Ishkandar - Received patch to exploit window #
By Brian Miller Posted Monday 21st April 2008 18:37 GMT