Secure Coding mailing list archives

eWeek says "Apple's Switch to Intel Could Allow OS X Exploits"


From: gem at cigital.com (Gary McGraw)
Date: Fri, 27 Jan 2006 15:34:19 -0500

Hi all,

We talk about different targets and payloads in Exploiting Software.  Bottom line, my opinion is that it's not that much harder.  So the switch should be a wash.

gem

 -----Original Message-----
From:   der Mouse [mailto:mouse at rodents.montreal.qc.ca]
Sent:   Fri Jan 27 15:29:59 2006
To:     SC-L at securecoding.org
Subject:        Re: [SC-L] eWeek says "Apple's Switch to Intel Could Allow OS X Exploits"

> The article claims that Apple's use of Intel chips will result in
> more software exploits because, "'Attackers have been focused on the
> [Intel] x86 for over a decade. Macintosh will have a lot more
> exposure than when it was on PowerPC,'

Sounds likely.

> I was hoping to find some hint of a hardware architectural feature
> that the powerpc has that provided an additional means of protection,
> but the article mentions none.  Instead, the only reason that it
> cites for the (presumed) increase in software exploits is attackers'
> knowledge and experience base.

I think that's probably fair.  PPC is probably a little harder to work
with because it's RISC, making it harder to write code without NULs
(and a lot of injection mechanisms won't work if you have embedded
NULs).

However, it's not really very much harder, and attackers would have
done it if the PPC target had been as big as the x86 target.

> After all, didn't attackers also have access to powerpc systems to
> build attacks on during the same timeframe that Symantec suggests?

Sure, but less motivation to do so, because most of the machines out
there were, and are, x86.

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               mouse at rodents.montreal.qc.ca
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B