| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20030822112131.B17815@ring.CS.Berkeley.EDU> Date: Fri, 22 Aug 2003 11:21:31 -0700 From: Nicholas Weaver <nweaver@...berkeley.edu> To: Crispin Cowan <crispin@...unix.com> Cc: Bob Rogers <rogers-bt2@...jr.dyndns.org>, "BUGTRAQ@...URITYFOCUS.COM" <BUGTRAQ@...urityfocus.com> Subject: Re: Heterogeneity as a form of obscurity, and its usefulness On Thu, Aug 21, 2003 at 08:56:51PM -0700, Crispin Cowan composed: > >Seems to me that obscurity is the *only* defence against exploits for > >unpublished/unpatched vulnerabilities that are spreading in the cracker > >community; if you can avoid being a target, by whatever means, then you > >are ahead of the game. > > > Now that is just not true. All of the technologies in the previous > thread (StackGuard, PointGuard, ProPolice, PaX, W^X, etc.) have some > capacity to resist attacks based on unpublished/unpatched > vulnerabilities. That is their entire purpose. Likewise, the worm research has been focusing on how to automatically detect, analyze, and respond to a new worm or similar threat. For some classes (eg, Scanning worms like Slammer, blaster, code red, etc), this appears quite doable. So the likely viable worm defenses ideally should deal with 0 day worms, which means stopping a new vulnerability contained in a new worm. -- Nicholas C. Weaver nweaver@...berkeley.edu
Powered by blists - more mailing lists