Dailydave mailing list archives
Well worth reading
From: Dave Aitel <dave () immunitysec com>
Date: Fri, 27 May 2005 16:45:14 -0400
Go read: Thomas Ptacek's weblog. http://www.sockpuppet.org/tqbf/log/

My favs:
http://www.sockpuppet.org/tqbf/log/2005/05/its-that-time-again-time-for-usenet.html
http://www.sockpuppet.org/tqbf/log/2005/04/sigh.html

I've been thinking about Dan Geer's email a bit. I guess my opinion is that for most uses, monitoring disk access does protect data - but (ignoring the potential to hop directly into the kernel, something Joanna is more likely to do than I am) it doesn't protect data against an attacker with CANVAS (or something CANVAS-like). CANVAS doesn't read data by reading it off the disk, in many cases. When we want to read your email, we inject into your Outlook, or your Exchange. If I want to steal your source code, I'll read it from within the SourceSafe process itself. Alternatively, an attacker could sniff things from the network, if you use unencrypted protocols (which you might do without realizing it, since SMB by default isn't encrypted, I think).
-dave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave