Kumquats

["Dave Aitel" <dave.aitel () gmail com>]

So, Kumquats are a fruit you either love or hate. They're tiny oranges you
eat like grapes, and oddly, the sweetness is in the protective peel. It's
funny how sometimes the things that you grow to protect yourself end up
being the good stuff to eat. Last week in Nico's advanced overflow class,
during the heap overflow portion, we analyzed a random server of some sort.
Because it's a commercial server, and on Windows, the thing was protected
with some sort of packer. I'm not sure which packer it was, although it'd be
good to know, but it operated by copying snippets of code onto the heap and
then trampolining off them. This made the heap overflow exploit quite easy,
since once you avoided crashing it would automatically execute your
shellcode for you. Very RealServer-esque.

Anyways, the point here is that sometimes the complexity you built to
protect yourself is what makes you look retarded in the end. All those
people getting owned from the Snort DCE parser bug or the Windows Defender
Vista PDF-parser bug are learning this the hard way. It's hard to quantify
this, but the KINDS of complexity that Digital Restriction Management puts
on your product is the kind that will introduce vulnerabilities. Likewise,
eschewing DRM is good for security - you can build your entire product in a
scripting language, for example.

Anyways, don't forget to send in your SyScan presentations. Singapore has
great fruit as well and a truly top notch local team of reverse engineers.

-dave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave