Dailydave mailing list archives
Re: News, dumbug, prediction rebuttals.
From: Dave Aitel <dave () immunityinc com>
Date: Thu, 22 Dec 2005 11:08:03 -0500
Thomas H. Ptacek wrote:

> On (1) I'm trying to be conservative and also thinking about how virtualization and "hosting-style" deployment factors in. Honestly, I believe current results will be extended further and the real attacks will be remote. I largely agree with your specific point without conceding that it impacts mine.

I'll extend my statement to say that root inside a virtual machine is always root on the host. :> I'm not sure if people are going to start doing timing attacks remotely - I haven't felt the urge, but maybe someone will spend a lot of time on it for a blackhat talk or something. What's Kaminsky up to these days? Can I do timing attacks to get keys from DNSSec? Inquiring minds want to know...but not to do all that work it would involve to actually find out. :>

> On (2) your guess is probably better than mine, but I stand by the prediction. Either ridiculously intense auditing helps or it doesn't, and if it does, at this point it's gotta start showing for MSFT.

IMO, intense auditing is really just a warm up. OpenSSH is the most intensely audited code on the planet and it still has problems that require them to change their architecture to avoid exposing too much code to the pre-auth world. But Microsoft can't change their architecture. It was born broken, and things like the MSRPC memory exhaustion bug are an indicator as to how far they have yet to go. My gut feeling is based on my use of XP SP2 for the past year or so, and how naked I felt even when being really careful and only using Firefox - compared to my use of Linux for the past couple days. So I guess we'll see. :>

-dave