 |  |  |  |  |  |  |  |
Checking vulnerabilities without access to the source code?
 |
hi,
we often hear that a certain software product has security holes as claimed by research firms/ hackers and security solutions vendors. i just came across one article as follows,
about sql server and oracle rdbms.
http://www.theinquirer.net/default.aspx?article=36000
as far as i understand, in order to know in what sense a software is having a security issue/hole/vulnerability, one needs to have access to the source code of the product in question. but many a time it looks like that source code is not made available to these companies/hackers etc and still they report the problems. how does this work? thanks.
we often hear that a certain software product has security holes as claimed by research firms/ hackers and security solutions vendors. i just came across one article as follows,
about sql server and oracle rdbms.
http://www.theinquirer.net/default.aspx?article=36000
as far as i understand, in order to know in what sense a software is having a security issue/hole/vulnerability, one needs to have access to the source code of the product in question. but many a time it looks like that source code is not made available to these companies/hackers etc and still they report the problems. how does this work? thanks.
•
•
Join Date: May 2006
Posts: 1,812
Reputation: 
Solved Threads: 117
It is not required, you can learn a lot from windows internals books,oracle handbook, you already have some opensource like postgresql/linux to play with and list down what all are the main bugs, try to attack a simmilar database/os using the knowledge you have gained
Assignment Help | Web Design Service | Homework Help | 498a
Programming Help | Need Help ? | Job Interview | Top 10 Hosts
Programming Help | Need Help ? | Job Interview | Top 10 Hosts
•
•
•
•
Originally Posted by ithelp 
It is not required, you can learn a lot from windows internals books,oracle handbook, you already have some opensource like postgresql/linux to play with and list down what all are the main bugs, try to attack a simmilar database/os using the knowledge you have gained
Part of the problem Microsoft has, is that programmers are not fools. Back in the 80's M$ stole software sure that they had enough lawyers to keep a programmer in court forever. SO- programmers began inserting "back doors" into their code, strings of assy bytes, that if called could call external subroutines you know as viruses.
So, Microsoft has stolen the code along with the back doors, and at this point, has no idea how much it has stolen.
So, Microsoft has stolen the code along with the back doors, and at this point, has no idea how much it has stolen.
•
•
•
•
Originally Posted by Day Brown
Part of the problem Microsoft has, is that programmers are not fools. Back in the 80's M$ stole software sure that they had enough lawyers to keep a programmer in court forever. SO- programmers began inserting "back doors" into their code, strings of assy bytes, that if called could call external subroutines you know as viruses.
So, Microsoft has stolen the code along with the back doors, and at this point, has no idea how much it has stolen.
My current Project www.footystat.com
|
Similar Threads
- Installing software on Linux: source code (*nix Software)
- How to download source code for NetBeans and Eclipse? (Java)
- Source code for printf, scanf, cin, cout? (C)
- Source code implementing Latent Semantic Indexing (C++)
- RE: Leaked Windows Source Code (IT Professionals' Lounge)
- Windows 2K source code? (Windows NT / 2000 / XP)
Other Threads in the IT Professionals' Lounge Forum
- Previous Thread: dual boot
- Next Thread: I appear to have built a blog
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest IT Professionals' Lounge Posts
- Today's Posts
- Unanswered Threads
1gbit advertising advice amazon archive british broadband business businessprocesses career carrier censorship cern china cio collectiveintelligence connectivity consumer consumers corporateearnings datatransfer debtcollectors dictionary digg digital ebay ecommerce email employment environment facebook food government grid high-definition hottub infodelivery infotech intel internet interview ipod isp japan kindle lhc library malware marketing mit moonfruit news onlineshopping piracy piratebay pope porn program r&d religion remoteworking research retail security sex shopping simple skype smallbusiness smb sms socialmedia socialnetworking software softwareengineer spam speed spending startrek statistics stocks study stumbleupon survey tabletpc technology touch-screen touchscreen twitter uk videoinprint voips web webdeveloper windows words
