| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 11 Mar 2007 12:16:34 +0100 From: Jan Wrobel <wrobel@...es.ath.cx> To: Jex <hewhohuntscats@...il.com>, focus-ids@...urityfocus.com, bugtraq@...urityfocus.com Subject: Re: Firekeeper - IDS for Firefox available On Fri, 9 Mar 2007, Bob Beck wrote: > * Jex <hewhohuntscats@...il.com> [2007-03-09 13:27]: > ... > > >rules similar to Snort ones to describe browser based attack > > >attempts. > > > All incoming HTTP and HTTPS traffic is scanned with these > > >rules. HTTPS and compressed responses are scanned after > > >decryption/decompression. > > So the next snort style overflow/format string/etc bug from all that > string bashing code going on in the ids can now let the attacker > compromise a process with access to my https stream decrypted - > probably on an already convieniently open descriptor. Yeah. Baby. > > "Web Browers are Bloated Fscking Monsters that are full of bugs" > > "Lets add more code to look for people exploiting the bugs - of > course this code won't have bugs.." > Isn't it the case with every software created to add some protection to you computer? Firewalls, antiviruses, IDSes etc. are all adding code to your operating system that may, in the future, be found vulnerable to some attack. It is just the question whether protection they provide compensates additional threat they may introduce. Jan Wrobel
Powered by blists - more mailing lists