
What Is a RCE (Race Condition Exploit) (used by WannaCry's Use of EternalBlue) - rajrao
http://cecs.wright.edu/~pmateti/InternetSecurity/Lectures/RaceConditions/index.html
======
NicolaiS
Race-condition _exploit_ ? RCE is almost always an abbreviation for _Remote
Code Execution_ , lets keep it that way.

~~~
pavement
Ha! Yeah, these TLA (three letter acronym) collisions can only add confusion
to already confusing scenarios.

How an exploit breaks through normal behaviors and policies is less important
that what happens as a result. These kinds of distinctions are not unlike
"cause of death" and "manner of death" in forensic pathology. Manner of death
is what determines whether investigators really care about checking into a
possible crime, like anything unnatural probably could use some attention.

The interesting part about race condition exploitation though, is that it's
something an attacker can probably leverage against even garbage-collected
managed memory runtimes, since programmers might introduce these kinds of bugs
more readily.

But beyond that sort of detail, the already spilt milk of gaining total
control is of greater interest, rather than the nuance of how it happened.

