Dailydave mailing list archives
Re: WMF and the Windows Vulnerability Drought :>
From: Joanna Rutkowska <joanna () invisiblethings org>
Date: Mon, 02 Jan 2006 22:47:46 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dave Aitel wrote:
And you don't want a patch (although kudo's to Ilfak for writing one!) - you want code to be designed securely when it gets delivered to you. Relying on a patch just means you've been owned for the past 5 years without knowing it.
...and because you never know if the code is really designed and implemented correctly, you should at least have the ability to find out if you were owned or not... So what you should never forget about is proper compromise detection :P But how many production-level tools for compromise detection do we have today? And even though we've just started to see some rootkit detectors on the market, what about implementation specific attacks (AKA commercial hacker defender) against them? Can Ms. Smith win this game? Or only if she bought a customized rootkit^H^H^H^H^H^H^Hcompromise detection service for $$$$? joanna. -----BEGIN PGP SIGNATURE----- iD8DBQFDuZ+AORdkotfEW84RAneNAJ9YzQs7HBtXRwq5QqCrp0UkpIPPFgCff4hb eqtV4N2ffhIMTqfDDiolb00= =dp7w -----END PGP SIGNATURE-----
Current thread:
- WMF and the Windows Vulnerability Drought :> Dave Aitel (Jan 02)
- Re: WMF and the Windows Vulnerability Drought :> Barrie Dempster (Jan 02)
- Re: WMF and the Windows Vulnerability Drought :> Joanna Rutkowska (Jan 02)
- Re[2]: WMF and the Windows Vulnerability Drought :> Thierry Zoller (Jan 02)
- Re: WMF and the Windows Vulnerability Drought :> Joanna Rutkowska (Jan 02)
- Re[2]: WMF and the Windows Vulnerability Drought :> Thierry Zoller (Jan 02)
- Re: WMF and the Windows Vulnerability Drought :> H D Moore (Jan 02)
- RE: WMF and the Windows Vulnerability Drought :> El Nahual (Jan 02)
- Re: WMF and the Windows Vulnerability Drought :> Orlando Padilla (Jan 03)
- Re: WMF and the Windows Vulnerability Drought :> Florian Weimer (Jan 03)
- RE: WMF and the Windows Vulnerability Drought :> El Nahual (Jan 02)
- Re: WMF and the Windows Vulnerability Drought :> Frank Knobbe (Jan 02)
- Re: WMF and the Windows Vulnerability Drought :> Michael A Stevens (Jan 04)
- RE: WMF and the Windows Vulnerability Drought :> Dave Korn (Jan 05)
- <Possible follow-ups>
- RE: WMF and the Windows Vulnerability Drought :> nahual () g-con org (Jan 04)