Re: Tectonic Shifts

[David Maynor <dave () 0dayspray com>]

On Wed, 2003-12-10 at 17:36, Kurt Seifried wrote:
> Heck, Microsoft even thinks it is likely:
>
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/msit/security/mssecbp.asp
>
> "Current Level of Risk: There is a medium to high probability that within
> the next year, a successful attack will occur that could compromise the High
> Value and/or Highest Value data class. "
>
> Highest Value class includes Windows source code.
>
> Thing is will they detect it promptly, or?
People seemed convinced that the attack will be against the source code
itself. It would be foolish for somebody who has gotten that far to
modify source code, detecting it is almost trivial. What would a clever
hacker do? You attack the tools that build the src. A compiler that will
automaticaly insert a backdoor into the code at build time would be the
best bet in escaping detection. You have some worries, like integrity
checkers noticing the compiler is diffrent. 
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave