lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <17684.1061230027@aardvark.cs.ucl.ac.uk>
Date: Mon, 18 Aug 2003 19:07:07 +0100
From: Mark Handley <M.Handley@...ucl.ac.uk>
To: Crispin Cowan <crispin@...unix.com>
Cc: "BUGTRAQ@...URITYFOCUS.COM" <BUGTRAQ@...urityfocus.com>
Subject: Re: Buffer overflow prevention



>Heterogeneity increases survivability of the *species*, but does little 
>to protect the individual. 

What you're not taking into account is contagion.  Amongst a
homogeneous population, a pathogen that infects your friends can
likely infect you.  Amongst a heterogeneous population, if the same
pathogen infects a friend, there's a significantly lower probability
it can infect you.

Now, if you're promiscuous and come into contact with enough
strangers, you'll catch the pathogen either way.  But if you're not
promiscuous, you greatly reduce the change of contracting the pathogen
if you are part of a heterogeneous population.

How does this affect networks?  Well, if you're a webserver or
mailserver that talks to everyone, the heterogeneity doesn't buy you
so much (other than, as you said, there might be more pathogens for
popular systems).  But if you're configured to not talk to the whole
world (via a firewall, or something equivalent), then you're a whole
lot safer if the machines you do communicate with are different from
you in ways that make contagion harder.

Cheers,
	Mark



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ