Full Disclosure mailing list archives

Re: RE: when will AV vendors fix this???


From: Paul Schmehl <pauls () utdallas edu>
Date: Mon, 14 Aug 2006 15:23:44 -0500

Dmitry Yu. Bolkhovityanov wrote:

> Any type of data/file hiding (of course, alternate data streams in the first place) can become the last brick required for some new attack vector.
>
> So, while currently I can't present any workable scenario, I wouldn't consider such type of data hiding as "not a security-related problem".

*Of course* it's a "security-related" problem. The solution to that problem is what is being discussed.

When data is at rest, it presents no threat to the OS (AFAIK). It's just electrons aligned in a certain, specific way on media. It's only when data enters memory and becomes part of the stream that the processor(s) have to act upon that the threat becomes "real". For data to enter memory it must be accessed in some way. If that access process is being monitored and *if* the exploit is known, it will be detected and whatever action is specified by the protective software will be taken.

To put it another way, what risk do bombs stored in a concrete bunker present? None, unless they are accessed somehow. If proper monitoring is in place, that will never happen without being detected and prevented.

--
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
