Dailydave mailing list archives
Re: ASLR+DEP = no problem. :>
From: "Larry Seltzer" <larry () larryseltzer com>
Date: Fri, 5 Feb 2010 09:44:25 -0500
First, it looks like insulting others is common, if not mandatory practice on this list. Sorry if I don't do a good enough job, I'm new here.

My first impression on seeing this (I'm still reading Dion's paper) was that perhaps some sort of validator or IPS-like functionality in the JIT, analyzing the input, could be effective, looking for malformations and suspicious behavior. It couldn't be perfect and there would be a performance hit.

My other thought was whether Java is just as vulnerable. I assume almost all JVMs do JITing. Of course Java byte code is understood to be code while Flash files are treated as "content". So it wouldn't be so easy, for example, to send malicious Java to a locked Symbian cell phone because it would have to be signed and users are generally more cautious about code than "content".

Larry Seltzer
Contributing Editor, PC Magazine
larry_seltzer () ziffdavis com
http://blogs.pcmag.com/securitywatch/