Full Disclosure mailing list archives
Re: RE: when will AV vendors fix this???
From: Paul Schmehl <pauls () utdallas edu>
Date: Mon, 14 Aug 2006 15:23:44 -0500
Dmitry Yu. Bolkhovityanov wrote:
*Of course* it's a "security-related" problem. The solution to that problem is what is being discussed.Any type of data/file hiding (of course, alternate data streams in the first place) can become the last brick required for some new attack vector.So, while currently I can't present any workable scenario, I wouldn't consider such type of data hiding as "not a security-relate problem".
When data is at rest, it presents no threat to the OS (AFAIK). It's just electrons aligned in a certain, specific way on media. It's only when data enters memory and becomes part of the stream that the processor(s) have to act upon that the threat becomes "real". For data to enter memory it must be accessed in some way. If that access process is being monitored and *if* the exploit is known, it will be detected and whatever action is specified by the protective software will be taken.
To put it another way, what risk do bombs stored in a concrete bunker present? None, unless they are accessed somehow. If proper monitoring is in place, that will never happen without being detected and prevented.
-- Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas http://www.utdallas.edu/ir/security/
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- when will AV vendors fix this??? Bipin Gautam (Aug 05)
- Re: when will AV vendors fix this??? Denis Jedig (Aug 05)
- Re: Re: when will AV vendors fix this??? <...> (Aug 06)
- Re: when will AV vendors fix this??? Marius Huse Jacobsen (Aug 07)
- Re: when will AV vendors fix this??? Bryan (Aug 07)
- RE: when will AV vendors fix this??? Thomas D. (Aug 07)
- Re: RE: when will AV vendors fix this??? Dude VanWinkle (Aug 07)
- RE: RE: when will AV vendors fix this??? Thomas D. (Aug 07)
- RE: RE: when will AV vendors fix this??? Dmitry Yu. Bolkhovityanov (Aug 11)
- Re: RE: when will AV vendors fix this??? Paul Schmehl (Aug 14)
- Re: RE: when will AV vendors fix this??? Bipin Gautam (Aug 15)
- Re: RE: when will AV vendors fix this??? Dude VanWinkle (Aug 07)
- Re: when will AV vendors fix this??? Denis Jedig (Aug 05)
- Re: when will AV vendors fix this??? Bipin Gautam (Aug 07)
- <Possible follow-ups>
- Re: Re: when will AV vendors fix this??? hatless (Aug 06)
- Re: when will AV vendors fix this??? Andreas Marx (Aug 14)