Secure Coding mailing list archives
Re: informIT: Modern Malware
From: AK <platsakos () gmail com>
Date: Sat, 26 Mar 2011 23:44:07 +0200
Hi everyone, Assuming that "are we missing DEP and assorted userland exploit mitigations" for the web is not a rhetorical question, indeed assorted technologies based on randomized instruction sets have been researched and I have seen PoC solutions circa 2004 (SQLi) and more recently for XSS. [1] is a nice starting point, as I am in somewhat of a hurry to locate the papers/PoCs now. Obviously, if that was a rhetorical question, :) [1] http://www.cs.columbia.edu/~angelos/cv.html On 03/26/2011 09:12 PM, Arian J. Evans wrote:
[SNIP] And why is that? Are we missing DEP and SEHOP and such for the web? Or is the web, the browser, and userland malware just where the easy money is, so the attackers focus there? --- Arian Evans Software Security Realism
-- -- thanasisk _______________________________________________ Secure Coding mailing list (SC-L) SC-L () securecoding org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
Current thread:
- Re: informIT: Modern Malware, (continued)
- Re: informIT: Modern Malware Gary McGraw (Mar 26)
- Re: informIT: Modern Malware Haroon Meer (Mar 26)
- Re: informIT: Modern Malware Gary McGraw (Mar 26)
- Re: informIT: Modern Malware Gunnar Peterson (Mar 26)
- Re: informIT: Modern Malware John Wilander (Mar 26)
- Re: informIT: Modern Malware Kevin W. Wall (Mar 26)
- Re: informIT: Modern Malware Gary McGraw (Mar 27)
- Re: informIT: Modern Malware Arian J. Evans (Mar 26)
- Re: informIT: Modern Malware AK (Mar 26)