Dailydave mailing list archives
An Extinction Event
From: Dave Aitel <dave () immunityinc com>
Date: Fri, 23 Nov 2007 02:26:42 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sometimes it takes an almost-Extinction event to make a species evolve enough to survive long-term. In any case, I think in Europe and Asia you can see a bit of a revival in the hacker community. The keynote at Deepsec was 'Paul Simmonds: Global Information Security Director, ICI, Jericho Forum'. His talk essentially was on how the perimeter security model is weakening. It was very very similar to any number of talks I heard Dan Geer give back in 2002. So this is a concept that continues to ferment. Eventually Paul and Jericho will start writing papers on how to protect a user's information even though the endpoint itself is compromised, and then everyone will look for Palladium even though two years ago they screamed and squealed when Microsoft wanted to do it. Instead everyone wants to develop a virtual machine , or in the edge case, just boot off of a Linux USB instead for all your banking. During the Q&A section Paul ended up saying "We don't have to worry about endpoint security that much because we have MessageLabs protecting our email and it's 100% effective. We've never had malicious code go through." Which is total crap, clearly. The sort of thing Mark Curphey made fun of later that night. :> He did have some good points about separating QoS from security. He's like "Why are all your security dollars focused on DoS? All you do is buy more bandwidth and filtering to solve that problem." So then I saw a flash security talk. Flash is pretty interesting, and as a demo, he did a cross site scripting on CNN.com. Later I talked to Nitesh Dhanjani about how you could do that to Google and most other interesting places too. Aaron and Cody from Tippingpoint did a great presentation - essentially a working MIDL parser in Python and a working NDR marshaller. This, plus a working .dll->.idl converter gets you a great fuzzer for MSRPC stuff. They say they just sent two bugs to MS and demoed a crash on CA. NDR is mind-blowing, so great work there. Anyways, productive day in terms of new bugs. :> My presentation is here: http://www.immunityinc.com/downloads/Debugging_With_ID.odp Just for context, an old presentation on MSRPC fuzzing: http://www.immunityinc.com/downloads/msrpc_fuzzing.odp - -dave ************************************* Want to learn more? We can teach you! www.immunityinc.com/edu.shtml Upcoming Class: December 3-7 -Unethical Hacking -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHRoCytehAhL0gheoRAvl2AJ424+caJwY48IkAaqqPhEZufnsCYwCeKKUL doMzGRWQhXWrXrugb4GkPC4= =88Dt -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- An Extinction Event Dave Aitel (Nov 22)
- Re: An Extinction Event Blue Boar (Nov 23)
- Re: An Extinction Event Cedric Blancher (Nov 23)
- Re: An Extinction Event Blue Boar (Nov 23)
- Re: An Extinction Event Andre Gironda (Nov 24)
- Re: An Extinction Event Pete Herzog (Nov 24)
- Re: An Extinction Event Marcus Meissner (Nov 24)
- Re: An Extinction Event Cedric Blancher (Nov 26)
- Re: An Extinction Event Cedric Blancher (Nov 23)
- Re: An Extinction Event Blue Boar (Nov 23)