Dailydave mailing list archives

An Extinction Event


From: Dave Aitel <dave () immunityinc com>
Date: Fri, 23 Nov 2007 02:26:42 -0500


Sometimes it takes an almost-Extinction event to make a species evolve
enough to survive long-term. In any case, I think in Europe and Asia you
can see a bit of a revival in the hacker community.

The keynote at Deepsec was 'Paul Simmonds: Global Information Security
Director, ICI, Jericho Forum'. His talk essentially was on how the
perimeter security model is weakening. It was very very similar to any
number of talks I heard Dan Geer give back in 2002. So this is a concept
that continues to ferment. Eventually Paul and Jericho will start
writing papers on how to protect a user's information even though the
endpoint itself is compromised, and then everyone will look for
Palladium even though two years ago they screamed and squealed when
Microsoft wanted to do it. Instead everyone wants to develop a virtual
machine, or in the edge case, just boot off of a Linux USB instead for
all your banking.

During the Q&A section Paul ended up saying "We don't have to worry
about endpoint security that much because we have MessageLabs protecting
our email and it's 100% effective. We've never had malicious code go
through."

Which is total crap, clearly. The sort of thing Mark Curphey made fun of
later that night. :>

He did have some good points about separating QoS from security. He's
like "Why are all your security dollars focused on DoS? All you do is
buy more bandwidth and filtering to solve that problem."

So then I saw a flash security talk. Flash is pretty interesting, and as
a demo, he did a cross site scripting on CNN.com. Later I talked to
Nitesh Dhanjani about how you could do that to Google and most other
interesting places too.

Aaron and Cody from Tippingpoint did a great presentation - essentially
a working MIDL parser in Python and a working NDR marshaller. This, plus
a working .dll->.idl converter gets you a great fuzzer for MSRPC stuff.
They say they just sent two bugs to MS and demoed a crash on CA. NDR is
mind-blowing, so great work there.

Anyways, productive day in terms of new bugs. :>

My presentation is here:
http://www.immunityinc.com/downloads/Debugging_With_ID.odp

Just for context, an old presentation on MSRPC fuzzing:
http://www.immunityinc.com/downloads/msrpc_fuzzing.odp

-dave