Dailydave mailing list archives

Re: Dep and aslr and /gs and so on


From: Trygve Aasheim <trygve () pogostick net>
Date: Fri, 27 Mar 2009 11:28:41 +0100

You think so?   :)

History has proven that new challenges and obstacles are what bring the 
younger generation into play. When the rules change, and the old farts 
can't keep up because they have to totally change their approach to the 
problem at hand, the young guns enter the scene.

The average age of an engineer in the Apollo program was 23...and they 
managed to put a man on the moon, even if there was a whole bunch of 
rocket scientists of the old school that thought it would be impossible.

So it might not be easy, and there might not be as many dirty hacks and 
cheap tricks - making it harder to enter the game. But I think we'll see 
a change again like we did with Aleph One, XSS, js etc, and the kids 
that master the new scene will come.

Just wait and see.


(amen)

;)


Ralf-Philipp Weinmann wrote:
Hi Dave,

you're right there. If you tell people in our community something's 
impossible to break, it definitely will be broken. Lars Knudsen's quote 
about cryptology can be weakened and transferred to information security 
in general: "If something is provably secure, it's probably not."

Nonetheless, what I really don't like about this inflation is that it'll 
prevent new kids from entering the game as easily as we did. My fear is 
that in a couple of years it's gonna be just us olpharts (excuse the 
pun) who have the nice exploits.

Cheers,
.:ralf:.

    On Mar 26, 2009 7:36 PM, "Dave Aitel" <dave.aitel () gmail com> wrote:

    So over and over for several years now you can hear people in the
    offensive information security talk in despair about the new
    Microsoft protection measures. But here's the thing as I see it - if
    you tell yourself it's impossible, then it definitely will be.  As
    Joe Bennet from "Lipstick Jungle" would say: "Plan for success!".

    All of the new security technologies coming out total a one or two
    order of magnitude increase in an attacker's costs. That's not
    impossible, that's just inflation. So deal.


    _______________________________________________
    Dailydave mailing list
    Dailydave () lists immunitysec com <mailto:Dailydave () lists immunitysec com>
    http://lists.immunitysec.com/mailman/listinfo/dailydave

