Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

Hide And Seek

From: dave <dave () immunityinc com>
Date: Wed, 09 Dec 2009 15:33:36 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mmm. What you say?
  Mmm. That you only meant well?
  Well of course you did
Mmm. What you say?
  Mmm. That it's all for the best?
       (Of course it is)
 -- Imogen Heap

A long time ago I hung out a lot with Frank Swiderski, and we tried to
write a MPEG decoder in our spare time (and failed). But later he went
to Microsoft and audited the .Net CLR for bugs similar to my favourite
bug of this Month's CANVAS release (CVE-2009-0091). Bugs like that are
great because they're 100% reliable even with DEP and NX and everything
else installed - and in this case it supports HTTP-MOSDEF which allows
bypassing authenticating HTTP proxies (over SSL if you like) :>.

One thing I notice with security things is that most people have never
seen a hacker go. It's like, they're modelling in their head what they
think a hacker would do, but a hacker would really be operating in a
completely different way. Either much much faster, or much much slower,
or using different tools, or a completely different set of logic.

People are somewhat getting used to papers describing real world
exploits (http://blogs.iss.net/archive/2009bhtalkexplained.html) is a
recent example, and Kostya's CLOUDBURST talk comes to mind. But the
process of hacking is as thought advanced as that paper, and yet glossed
over by most people. Or as Alan Furst would say, "The world needs more
people who can do good without getting caught."

- -dave
P.S. ISS ppl:
chunk of a know size. <-- s/know/known. Not that I can talk. :>
Isn't it interesting that both the talks referenced in the paper were in
Singapore at Thomas Lim's SyScan? :>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAksgCaAACgkQtehAhL0gheqlqwCeKHnBZHI7mOwijRp1w7dZPcvy
Uk0AmQHXbDhTc/BYKQ7DgZvp9f8WnjZ+
=OO2t
-----END PGP SIGNATURE-----
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: