[erlang-questions] Atom Unicode Support

Fred Hebert mononcqc@REDACTED
Wed Feb 3 17:47:59 CET 2016


On 02/03, Felix Gallo wrote:
>There's also an interesting security issue around Unicode source code.
>
>Take for example the recent hack of Cryptsy, which involved a guy taking
>what looked like an innocent and safe pull request to fix an issue in one
>part of his software, but through the magic of the preprocessor, turned out
>to do something else entirely:
>
>http://earlz.net/view/2016/01/16/0717/analyzing-the-56-million-exploit-and-cryptsys-security

My counter-argument to that is that you don't need any of that cool UTF 
stuff to do that.

See:

- http://www.underhanded-c.org/ Underhanded C Contest is all about
  writing regular-looking C code doing nasty stuff
- http://arstechnica.co.uk/security/2015/12/researchers-confirm-backdoor-password-in-juniper-firewall-code/ 
  Juniper code was broken by someone adding in a password check that
  looked like a log line
- http://arstechnica.com/security/2016/02/crypto-flaw-was-so-glaring-it-may-be-intentional-eavesdropping-backdoor/
  using a non-prime in crypto communication, possibly being a backdoor.



