Dailydave mailing list archives
Re: WMF and the Windows Vulnerability Drought :>
From: Michael A Stevens <mstevens () cmu edu>
Date: Wed, 4 Jan 2006 00:20:47 -0500 (EST)
From http://msdn.microsoft.com/library/default.asp?url=/library/en-us/gdi/wingdistart_9ezp.asp:

"Security Considerations: GDI

This topic provides information about security considerations related to GDI. This topic doesn't provide all you need to know about security issues; instead, use it as a starting point and reference for this technology area. GDI generally has few security concerns because it deals with display rather than input. However, here are a few issues that you should consider. Bitmaps, metafiles, and fonts are complex structures that could become corrupted. It is good practice to try to ensure that these items are uncorrupted and from a trustworthy source.

On Windows NT/2000/XP, an application can specify the security descriptor for some of the printing and spooling APIs. You should take care when setting the security descriptor."
Perhaps whoever wrote that should have hit the IE developers with their clue-stick.
Mike

On Mon, 2 Jan 2006, Dave Aitel wrote:

> So I'm not sure why Sans Diary has people calling HD Moore irresponsible, when all he did was point out the brutally obvious: You can't write reliable network IDS signatures for these client side bugs. If it's going to annoy you a lot when people pad the exploit to match an MTU header, then it's going to REALLY annoy you when we set our MTU size to be 40 bytes, and use tiny HTTP chunks for a gzipped file over SSL after doing several prior null requests. I haven't done a lot of testing with commercial IDSs, but I can pretty much guarantee signature based IDS isn't going to find Immunity's version. That probably goes for other people writing exploits that Sans isn't able to get their hands on.
>
> And you don't want a patch (although kudos to Ilfak for writing one!) -- you want code to be designed securely when it gets delivered to you. Relying on a patch just means you've been owned for the past 5 years without knowing it.
>
> When people in this industry call other people irresponsible, what they usually mean is they're upset for getting hit over the head with a clue-stick.
>
> -dave
Current thread:
- WMF and the Windows Vulnerability Drought :> Dave Aitel (Jan 02)
- Re: WMF and the Windows Vulnerability Drought :> Barrie Dempster (Jan 02)
- Re: WMF and the Windows Vulnerability Drought :> Joanna Rutkowska (Jan 02)
- Re[2]: WMF and the Windows Vulnerability Drought :> Thierry Zoller (Jan 02)
- Re: WMF and the Windows Vulnerability Drought :> Joanna Rutkowska (Jan 02)
- Re[2]: WMF and the Windows Vulnerability Drought :> Thierry Zoller (Jan 02)
- Re: WMF and the Windows Vulnerability Drought :> H D Moore (Jan 02)
- RE: WMF and the Windows Vulnerability Drought :> El Nahual (Jan 02)
- Re: WMF and the Windows Vulnerability Drought :> Orlando Padilla (Jan 03)
- Re: WMF and the Windows Vulnerability Drought :> Florian Weimer (Jan 03)
- RE: WMF and the Windows Vulnerability Drought :> El Nahual (Jan 02)
- Re: WMF and the Windows Vulnerability Drought :> Frank Knobbe (Jan 02)
- Re: WMF and the Windows Vulnerability Drought :> Michael A Stevens (Jan 04)
- RE: WMF and the Windows Vulnerability Drought :> Dave Korn (Jan 05)
- <Possible follow-ups>
- RE: WMF and the Windows Vulnerability Drought :> nahual () g-con org (Jan 04)