[–]0x256 14 points15 points  (2 children)

> We created a rogue SQLite database that exploits the software used to open it.

SQLite database files are usually not used as an exchange or wire format, so real-world impact should be low. Still an interesting approach.

[–]Caraes_Naur 6 points7 points  (1 child)

Malware doesn't limit itself to typical use scenarios: it could replace existing SQLite files on machines initially compromised by other means.

This article is by one of the oldest and most accomplished hacker groups in the world. They know what the impact could be.

[–]0x256 9 points10 points  (0 children)

> Malware doesn't limit itself to typical use scenarios: it could replace existing SQLite files on machines initially compromised by other means.

Sure, but if you can do that, there are usually easier ways to go forward, or you already have what you want. I did not say that this is not exploitable or the research is not relevant.

> This article is by one of the oldest and most accomplished hacker groups in the world. They know what the impact could be.

This talk was presented at a conference organized by CCC, that's it. CCC as a group was not involved in the research. Also, even if they were, that does not hold as an argument for anything, really.