On Tizen and buffer overflows

"'It may be the worst code I've ever seen,' he told Motherboard in advance of a talk about his research that he is scheduled to deliver at Kaspersky Lab's Security Analyst Summit on the island of St. Maarten on Monday. 'Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It's like taking an undergraduate and letting him program your software.'"

Eh, it's Tizen. I already expected this.

"One example he cites is the use of strcpy() in Tizen. 'Strcpy()' is a function for replicating data in memory. But there's a basic flaw in it whereby it fails to check if there is enough space to write the data, which can create a buffer overrun condition that attackers can exploit. A buffer overrun occurs when the space to which data is being written is too small for the data, causing the data to write to adjacent areas of memory. Neiderman says no programmers use this function today because it's flawed, yet the Samsung coders 'are using it everywhere.'"
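The quoted paragraph describes the failure mode but does not show it. The following is an added example written for this post, not code from the Motherboard article, from Neiderman's talk, or from Tizen: a hypothetical record with a fixed-size name buffer (the struct, its field names, and the sample strings are all constructed for illustration), the unbounded strcpy() pattern the quote complains about, a check that answers the question strcpy() never asks, and a bounded replacement that rejects oversize input instead of spilling into the neighbouring field.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Assumed layout for this example (not Tizen's code): a 16-byte name buffer
   followed directly by a field an overrun would clobber. */
#define NAME_MAX 16

struct device_record {
    char name[NAME_MAX];
    int  is_admin;          /* sits right after name[]; an overrun writes here */
};

/* The pattern the quote complains about: strcpy() copies until it finds the
   NUL byte of src and has no idea how large dst is. A 22-character src writes
   23 bytes into a 16-byte array and the excess lands in is_admin. */
void set_name_unchecked(struct device_record *rec, const char *src)
{
    strcpy(rec->name, src);     /* no bound: undefined behaviour if src is too long */
}

/* The check strcpy() never performs: does src, including its terminating NUL,
   fit in a buffer of dst_size bytes? */
bool would_overrun(const char *src, size_t dst_size)
{
    return strlen(src) + 1 > dst_size;
}

/* Hardened replacement: scans at most NAME_MAX bytes of src for the NUL (so it
   never reads past the buffer size either), refuses input that does not fit,
   and copies the terminator along with the text. Refusing rather than silently
   truncating keeps a caller from accepting a name that is not what was sent. */
int set_name_checked(struct device_record *rec, const char *src)
{
    const char *nul = memchr(src, '\0', NAME_MAX);  /* NUL within NAME_MAX bytes? */
    if (nul == NULL)
        return -1;                                  /* too long: no room for NUL */
    size_t len = (size_t)(nul - src);
    memcpy(rec->name, src, len + 1);                /* len bytes plus the NUL */
    return 0;
}

int main(void)
{
    struct device_record rec = { "", 0 };
    /* Constructed inputs: one that fits, one that does not. */
    const char *short_name = "living-room";            /* 11 chars + NUL = 12 bytes */
    const char *long_name  = "living-room-tv-samsung"; /* 22 chars + NUL = 23 bytes */

    /* The unchecked path is only exercised with input that fits; the same
       call with long_name is exactly the overrun the article describes. */
    set_name_unchecked(&rec, short_name);
    printf("unchecked copy: name=%s is_admin=%d\n", rec.name, rec.is_admin);

    printf("would \"%s\" overrun name[%d]? %s\n", long_name, NAME_MAX,
           would_overrun(long_name, NAME_MAX) ? "yes" : "no");

    if (set_name_checked(&rec, long_name) != 0)
        printf("checked copy rejected oversize input; name=%s is_admin=%d\n",
               rec.name, rec.is_admin);
    return 0;
}
```

The point of `would_overrun()` is that the information needed to avoid the bug is always available to the caller: the destination size is a compile-time constant here. Any copy primitive that is not handed that size (strcpy, strcat, sprintf without a width) has to be trusted to get it right by accident, which is why reviewers flag every call site rather than only the ones with an obvious attacker-controlled source.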

Sometimes reblogging takes the form of a desperate prayer that people will finally care about how unbelievably bad things are.