Dailydave mailing list archives
Re: On the Effectiveness of Address Space Randomization
From: Dave Aitel <dave () immunitysec com>
Date: Fri, 29 Oct 2004 08:29:26 -0400
pageexec () freemail hu wrote:
You don't have to bandy words here. We'd love to hear your (or Brad's) comments for those of us to whom "glaring mistake" is not so glaring. :>there's a paper presented at the ACM Computer and Communications Security conference, some of you might want to check it out. while it contains some glaring mistakes, it's generally a good overview of the utility of memory randomization techniques. http://www.stanford.edu/~blp/papers/asrandom.pdf
As a side note, I apologize to everyone who recieved a worm in their email from dailydave. We don't moderate messages to dailydave, except from non-subscribers. If someone knows how to set mailman to reject messages with .[com|exe|etc], please let me know. Also, this means if your message did not appear on dailydave, then you are not subscribed. I rarely go through and moderate.
Ooh, another side note, one thing I find funny is when people do Linux versus Microsoft comparisons on security and they forget to mention that the version of Linux they're running was released a couple weeks ago, whereas they're running Microsoft Windows 2000, which was gold 5 years ago. Even 2003 has an aged archetecture by Linux standards. Going back to do service packs and whatnot for security is tough. It took Sinan Eren about 3 weeks to break a lot of the generic protections on SP2, for example. He's really smart and all, but grsecurity, in my opinion, is a bigger change to Linux in terms of security than SP2 was to XP, and it's a bigger change to a more modern system by several years.
-dave _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- On the Effectiveness of Address Space Randomization pageexec (Oct 28)
- Re: On the Effectiveness of Address Space Randomization Dave Aitel (Oct 29)
- <Possible follow-ups>
- Re: On the Effectiveness of Address Space Randomization spender (Oct 29)
- Re: Re: On the Effectiveness of Address Space Randomization Sinan Eren (Oct 29)
- Re: Re: On the Effectiveness of Address Space Randomization pageexec (Oct 29)
- Re: Re: On the Effectiveness of Address Space Randomization Sinan Eren (Nov 01)
- Re: Re: On the Effectiveness of Address Space Randomization Sinan Eren (Oct 29)