[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20070311111634.GB22750@blues.ath.cx>
Date: Sun, 11 Mar 2007 12:16:34 +0100
From: Jan Wrobel <wrobel@...es.ath.cx>
To: Jex <hewhohuntscats@...il.com>, focus-ids@...urityfocus.com,
bugtraq@...urityfocus.com
Subject: Re: Firekeeper - IDS for Firefox available
On Fri, 9 Mar 2007, Bob Beck wrote:
> * Jex <hewhohuntscats@...il.com> [2007-03-09 13:27]:
> ...
> > >rules similar to Snort ones to describe browser based attack
> > >attempts.
> > > All incoming HTTP and HTTPS traffic is scanned with these
> > >rules. HTTPS and compressed responses are scanned after
> > >decryption/decompression.
>
> So the next snort style overflow/format string/etc bug from all that
> string bashing code going on in the ids can now let the attacker
> compromise a process with access to my https stream decrypted -
> probably on an already convieniently open descriptor. Yeah. Baby.
>
> "Web Browers are Bloated Fscking Monsters that are full of bugs"
>
> "Lets add more code to look for people exploiting the bugs - of
> course this code won't have bugs.."
>
Isn't it the case with every software created to add some protection
to you computer? Firewalls, antiviruses, IDSes etc. are all adding
code to your operating system that may, in the future, be found
vulnerable to some attack. It is just the question whether protection
they provide compensates additional threat they may introduce.
Jan Wrobel
Powered by blists - more mailing lists