Some of Our Sources
- Simplebits
- Joshua Blankenship
- Pearsonified
- Smashing Magazine
- Inspiredology
- My Ink Blog
- Reencoded
- Line 25
- Wal You
- Hashedout
Help Webnuz
Referal links:
August 20, 2016 04:00 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/KFRiDQloJM8/computer-science-professor-mocks-the-nsas-buggy-code
Computer Science Professor Mocks The NSA's Buggy Code
After performing hours of analysis, a computer science professor says he's "not impressed" by the quality of the recently-leaked code that's supposedly from an NSA hacking tool. An anonymous Slashdot reader writes: The professor, who teaches Software Vulnerability Analysis and Advanced Computer Security at the University of Illinois, Chicago, gripes about the cryptography operations employed in the code of an exploit called BANANAGLEE, used against Fortinet firewalls. Some of his criticism include the words "ridiculous", "very bad", "crazy" and "boring memory leaks". "I would expect relatively bug-free code. And I would expect minimal cryptographic competence. None of those were true of the code I examined which was quite surprising," the professor told Softpedia in an email. If these were cyberweapons, "I'm pretty underwhelmed by their quality," professor Checkoway writes on his blog, adding that he found "sloppy and buggy code," no authentication of the encrypted communication channel, 128-bit keys generated using 64 bits of entropy, and cypher initialization vectors that leaked bits of the hash of the plain text...Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/KFRiDQloJM8/computer-science-professor-mocks-the-nsas-buggy-code
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot