Re: DLL hijacking with Autorun on a USB drive

[coderman <coderman () gmail com>]

On Thu, Sep 2, 2010 at 11:47 AM, Pavel Kankovsky
<peak () argo troja mff cuni cz> wrote:
> ...
> If your OS's security model "understands" programs and data belong in
> different security domains then every instruction of code on your computer
> is trusted to enforce that policy. Your line of defence goes through every
> program and any bug can breach it. The failure is inevitable. [1]
>
> [1] ... "The Inevitability of Failure: The Flawed
> Assumption of Security in Modern Computing Environments"

there are some useful mitigations around these inevitable failures,
  http://qubes-os.org/Architecture.html is an example of isolation
rather than correctness i've liked since NetTop wrapped RSBAC policy
around vmware guest isolation...

defense in depth loves company, so application correctness, in
addition to NX / other hw protections on guest/host, in addition to
virtual machine isolation, in addition to RSBAC constraints, in
addition to ... are all useful and can be combined in many ways to fit
various threat models and usability requirements.

this is "hard" to design, implement, and maintain compared to the
cheap and slutty coding and configuration pervasively deployed in our
current reality, however.  don't hold your breath; just stay ahead of
all the other low hanging fruit running un-patched, un-managed Windows
installs.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/