Dailydave mailing list archives

Well worth reading


From: Dave Aitel <dave () immunitysec com>
Date: Fri, 27 May 2005 16:45:14 -0400

Go read: Thomas Ptacek's weblog.

http://www.sockpuppet.org/tqbf/log/

My favs:
http://www.sockpuppet.org/tqbf/log/2005/05/its-that-time-again-time-for-usenet.html
http://www.sockpuppet.org/tqbf/log/2005/04/sigh.html

I've been thinking about Dan Geer's email a bit. I guess my opinion is that for most uses, monitoring disk access does protect data - but (ignoring the potential to hop directly into the kernel, something Joanna is more likely to do than I am) it doesn't protect data against an attacker with CANVAS (or something CANVAS-like). CANVAS doesn't read data by reading it off the disk, in many cases. When we want to read your email, we inject into your Outlook, or your Exchange. If I want to steal your source code, I'll read it from within the SourceSafe process itself. Alternatively, an attacker could sniff things from the network, if you use unencrypted protocols (which you might do without realizing it, since SMB by default isn't encrypted, I think).

-dave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave

