Dailydave mailing list archives

Re: News, dumbug, prediction rebuttals.


From: Dave Aitel <dave () immunityinc com>
Date: Thu, 22 Dec 2005 11:08:03 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thomas H. Ptacek wrote:

> On (1) I'm trying to be conservative and also thinking about how
> virtualization and "hosting-style" deployment factors in. Honestly,
> I believe current results will be extended further and the real
> attacks will be remote. I largely agree with your specific point
> without conceding that it impacts mine.

I'll extend my statement to say that root inside a virtual machine is
always root on the host. :> I'm not sure if people are going to start
doing timing attacks remotely - I haven't felt the urge, but maybe
someone will spend a lot of time on it for a blackhat talk or
something. What's Kaminsky up to these days? Can I do timing attacks
to get keys from DNSSEC? Inquiring minds want to know...but not to do
all that work it would involve to actually find out. :>

> On (2) your guess is probably better than mine, but I stand by the
> prediction. Either ridiculously intense auditing helps or it
> doesn't, and if it does, at this point it's gotta start showing
> for MSFT.

IMO, intense auditing is really just a warm up. OpenSSH is the most
intensely audited code on the planet and it still has problems that
require them to change their architecture to avoid exposing too much
code to the pre-auth world. But Microsoft can't change their
architecture. It was born broken, and things like the MSRPC memory
exhaustion bug are an indicator as to how far they have yet to go.

My gut feeling is based on my use of XP SP2 for the past year or so,
and how naked I felt even when being really careful and only using
Firefox, compared to my use of Linux for the past couple of days. So I
guess we'll see. :>

- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFDqs9iB8JNm+PA+iURAo/MAKCIzty/HaXHR38P4gT2aHkTOqGyHgCg0+2E
HXIEji3HMGWlw81i1Qse9VA=
=APoa
-----END PGP SIGNATURE-----
