Dailydave mailing list archives
News, dumbug, prediction rebuttals.
From: Dave Aitel <dave () immunityinc com>
Date: Wed, 21 Dec 2005 16:35:13 -0500
http://www.immunityinc.com/news-latest.shtml now has links to an analyst whitepaper on Immunity and the market in general.

http://www.immunityinc.com/downloads/dumbug_good.tgz <-- updated and documented version of FX's dumbug that crashes less (for me, YMMV). All sorts of binaries are included, so you'll have an easier time compiling it. Some documentation added to files where I felt the C++ code was confusing.

Thomas Ptacek posted his predictions for next year, and here's my rebuttal, Motley Fool's style. Statements in triple-quotes are his.

"""
1. Side-Channel and Timing Attacks Go Mainstream

The prediction I am least qualified to make, but most interested in. Remote cache timing <http://cr.yp.to/antiforgery/cachetiming-20050414.pdf>, local cache timing, HTT <http://www.sockpuppet.org/tqbf/log/2005/05/cpu-caches-threat-or-menace_18.html>, virtualization, distributed side-channel analysis <http://www.cryptography.com/resources/whitepapers/DPA.html>. To paraphrase a friend who knows the space better than me: "The 10 people in the world who actually spent any time thinking about this had no access to a [useful] side channel... other than Bernstein, no public crypto projects are doing anything about this in a systematic way". We're approaching a point where localhost "nobody" will equate to key recovery.
"""

1. Local nobody is equivalent to local root. This has historically been true for every OS ever made, is still true, and will always be true. And tar cvzf /etc/sshd/* is faster and easier than doing impossibly unreliable timing attacks against crypto.
""" <http://addxorrol.blogspot.com/2005/12/microsoft-is-moving-gui-code-back-out.html> A Windows Vulnerability Drought <http://addxorrol.blogspot.com/2005/12/microsoft-is-moving-gui-code-back-out.html> Take one of the smartest companies in technology, pump an apocryphal billion dollars into security, and nearly monopolize the best secure coding talent on the market, and you will get results. """ 2. My prediction: No windows vulnerability drought. Something I realized when I was finally forced to switch over to Fedora Core 2 for security reasons was that XP SP2 solved the problem with people getting owned every time they connected their computer to the Internet. But it didn't solve the problem of people getting owned every time they used an application on their computer. And Windows Servers, while not as vulnerable as they used to be, are still ownable by people who care. A real drought is waiting on wide deployment of hardware that supports the NX bit, which is...not next year. Essentially, Microsoft didn't spend nearly enough money on security (hence all those billions in the bank), and didn't follow the Open Source community's innovations closely enough. And the architecture is still a mess...I don't see a drought in the near future at all. NX + Vista and then...maybe. Even that just adds a bit of expense for those of us who have a Sinan Eren and Nicolas Waisman on staff . """ A Credible Open-Source SIM There's about $100MM spent annually on products that manage and correlate logs. Guess what? None of it is hard to do. The underlying tools are there. Customers know how to do this better than the vendors do. Expect a mainstream open-source combination of Argus <http://www.qosient.com/argus/> and Sguil <http://sguil.sourceforge.net/>to own the security management conversation next year. """ 3. My prediction: No credible open source SIM (aka, log aggregator). Boring work gets done by corporations, and that's that. 
Not to mention the impossibly high barrier to market of having to purchase and maintain all the random devices that generate logs.

Anyways, as always, those are only opinions. I guess we'll find out next year. :>

-dave