Dailydave mailing list archives

Re: WMF and the Windows Vulnerability Drought :>


From: Joanna Rutkowska <joanna () invisiblethings org>
Date: Mon, 02 Jan 2006 22:47:46 +0100

Dave Aitel wrote:
> And you don't want a patch (although kudos to Ilfak for writing one!)
> - you want code to be designed securely when it gets delivered to you.
> Relying on a patch just means you've been owned for the past 5 years
> without knowing it.

...and because you never know if the code is really designed and
implemented correctly, you should at least have the ability to find out
if you were owned or not... So what you should never forget about is
proper compromise detection :P

But how many production-level tools for compromise detection do we have
today? And even though we've just started to see some rootkit detectors
on the market, what about implementation-specific attacks (AKA
commercial hacker defender) against them? Can Ms. Smith win this game?
Or only if she bought a customized rootkit^H^H^H^H^H^H^Hcompromise
detection service for $$$$?

joanna.