RE: We have met the enemy, and the enemy is ... you.

[redsand <redsand () redsand net>]

Black Security is also currently doing some audits on the Determina
Software Suite.  Nothing has come of it yet but hopefully some positive
results will come out of our testing soon.  Any information
may/hopefully will make it to our blogs or a formal piece of
documentation.

In the sales meeting, a Determina rep even claimed that ISS had a hack
for it but couldn't prove it.

On Tue, 2006-04-11 at 17:43 +0200, pageexec () freemail hu wrote:
> On 10 Apr 2006 at 16:13, Knape, Joe wrote:
> > My "group" has also been looking at a "suite" of products that includes
> > a "Memory Firewall" and "LiveShield" from a company called Determina.
> > They make some bold claims and I've been testing it in a lab setup but
> > I'd like to hear if anyone has been using it in a real-world
> > environment?
>
> Determina's product is based on the research done at MIT under
> the DynamoRIO project. google for "program shepherding" (and
> the mispelled "sheperding" version) to find all you wanted to
> know. in my opinion, program shepherding is the only other
> technology that measures up to PaX, and for now it does even
> more in fact (deterministic ret2libc attack prevention).
>
> unfortunately source code has never been published, so some
> claims of security cannot be verified (e.g., their research
> paper mentions then unresolved issues with multithreaded apps).