Dailydave mailing list archives
Re: Dep and aslr and /gs and so on
From: Bas Alberts <bas.alberts () immunityinc com>
Date: Fri, 27 Mar 2009 09:57:05 -0400
Hrmm, I think there's this general misunderstanding and underestimation of the game. I also think there's confusion between exploit development versus hacking.

'Our' generation's exploit development (of the memory corruption related variety) might be a thing of the past 5 or 10 years from now, sure. But that has little to do with hacking as a whole (and with hacking I mean compromising systems). People (kids, senior citizens, whatever) are always going to hack. And hacking is an entirely different pursuit than the esoteric art of big game bug hunting.

I don't think that a lot of the people hacking right now care so much about memory corruption based exploitation. They care about what gets them in (and in a sense I think it's always been like that). For example, I missed the PHP short bus, and sometimes scoff at the latest 'advances' in web hacking like every other mem corruption dinosaur. But at the end of the day, they didn't have to spend 2 months in GDB to drop a reliable remote shell. They did it in 2 days with a firm understanding of regular expressions, the PHP interpreter and common sense.

Now from a hacking standpoint, which one gets more cool points? The one that gets you on target, of course. But from an exploit development standpoint? For me, the one that involved a lot of research and solved complex problems. But is that really the right way to look at things? It is such a subjective thing to consider.

Now here's another stretch: I think a lot of people appreciate a well researched mem corruption exploit with all the bells and whistles like they appreciate a piece of art. Something to be hung on a wall and studied and praised. But does that really relate to anything relevant when it comes to hacking? Which flash exploit do you want to write when you have to be on target? The one that takes half a year to perfect or the one you can push out for all platforms in a week? They both exist(ed) at the same time.
When do ego and academic masturbation get in the way of practicality? The ego of security research is an interesting thing. So sure, we might end up having the 'nice' exploits, but I'm sure the 'kids' will be just fine.

Love,
Bas

Ralf-Philipp Weinmann wrote:
> Hi Dave, you're right there. If you tell people in our community something's impossible to break, it definitely will be broken. Lars Knudsen's quote about cryptology can be weakened and transferred to information security in general: "If something is provably secure, it's probably not."
>
> Nonetheless, what I really don't like about this inflation is that it'll prevent new kids from entering the game as easily as we did. My fear is that in a couple of years it's gonna be just us olpharts (excuse the pun) who have the nice exploits.
>
> Cheers,
> .:ralf:.
>
> On Mar 26, 2009 7:36 PM, "Dave Aitel" <dave.aitel () gmail com> wrote:
>
>> So over and over for several years now you can hear people in the offensive information security talk in despair about the new Microsoft protection measures. But here's the thing as I see it - if you tell yourself it's impossible, then it definitely will be. As Joe Bennet from "Lipstick Jungle" would say: "Plan for success!". All of the new security technologies coming out total a one or two order of magnitude increase in an attacker's costs. That's not impossible, that's just inflation. So deal.
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave