Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Possible Mail server compromise ?

From: "Faas M. Mathiasen" <faas.m.mathiasen () googlemail com>
Date: Thu, 21 Feb 2008 11:49:54 +0100
Dear Peter,

 Wrong

Have you ever coded an exploit ?

On Thu, Feb 21, 2008 at 12:07 AM, Peter Kosinar <goober () ksp sk> wrote:

Nope, you have to distinguish between a sandbox (code is run) to an AV

 > scanner scanning code in a VM, when the av scanner scans the code, the
 > code is not executed and cannot decide whether it is inside a VM =)

 Wrong. This would be true only if the AV didn't have the parsing bug in
 the first place. If the AV is buggy and allows some form of arbitrary code
 execution, the attacker -does- have the code executed inside the VM; and
 nothing stands in his way of detecting whether it's a real machine or not.
 If, on the other hand, the AV was not vulnerable... then, what would be
 the gain of running it inside a VM? :-)

 Peter

 --
 [Name] Peter Kosinar   [Quote] 2B | ~2B = exp(i*PI)   [ICQ] 134813278
Previous By Date Next
Previous By Thread Next

Current thread: