[erlang-questions] Atom Unicode Support
Fred Hebert
mononcqc@REDACTED
Wed Feb 3 17:47:59 CET 2016
On 02/03, Felix Gallo wrote:
>There's also an interesting security issue around Unicode source code.
>
>Take for example the recent hack of Cryptsy, which involved a guy taking
>what looked like an innocent and safe pull request to fix an issue in one
>part of his software, but through the magic of the preprocessor, turned out
>to do something else entirely:
>
>http://earlz.net/view/2016/01/16/0717/analyzing-the-56-million-exploit-and-cryptsys-security
My counter-argument to that is that you don't need any of that cool UTF
stuff to do that.
See:
- http://www.underhanded-c.org/ underhanded C contest is all about
writing regular looking C code doing nasty stuff
- http://arstechnica.co.uk/security/2015/12/researchers-confirm-backdoor-password-in-juniper-firewall-code/
juniper code was broken by someone adding in a password check that
looked like a log line
- http://arstechnica.com/security/2016/02/crypto-flaw-was-so-glaring-it-may-be-intentional-eavesdropping-backdoor/
using a non-prime in crypto communication, possibly being a backdoor.
More information about the erlang-questions
mailing list