MobileRead Forums - View Single Post

yifanlu · 01-17-2012, 05:38 PM

I've said this many times before. We have payloads. Not exploits. The tar bug is an exploit. Using it in various ways are different payloads. I don't troll, I like to point out misinformation so they don't get spread and raise expectations.

The fastboot/USB download is NOT an exploit. It's a door left open on purpose (or by accident) for developers. An exploit is using a bug in some code to execute unsigned code.

If amazon fixes the tar bug. They FIX the tar bug, not just one specific payload. Now there is the chance that your payload will still work (actually, seeing amazon's record, it's a high chance) but we can't depend on it. For example, the pervious update fixed two other payloads for the mp3 bug including one that allows HTML injection on the device name.

Anything else is beyond my knowledge, which is why I started out with "AFAIK"

01-17-2012, 05:38 PM	#100
yifanlu Kindle Dissector Posts: 662 Karma: 475607 Join Date: Jul 2010 Device: Amazon Kindle 3	I've said this many times before. We have payloads. Not exploits. The tar bug is an exploit. Using it in various ways are different payloads. I don't troll, I like to point out misinformation so they don't get spread and raise expectations. The fastboot/USB download is NOT an exploit. It's a door left open on purpose (or by accident) for developers. An exploit is using a bug in some code to execute unsigned code. If amazon fixes the tar bug. They FIX the tar bug, not just one specific payload. Now there is the chance that your payload will still work (actually, seeing amazon's record, it's a high chance) but we can't depend on it. For example, the pervious update fixed two other payloads for the mp3 bug including one that allows HTML injection on the device name. Anything else is beyond my knowledge, which is why I started out with "AFAIK" Last edited by yifanlu; 01-17-2012 at 05:42 PM.