Message-ID: <1122669199.42ea928f819aa@mail.hcrn.info>
Date: Fri Jul 29 21:33:34 2005
From: lists at domain-logic.com (Randall Perry)
Subject: Cisco IOS Shellcode Presentation 

Quoting Valdis.Kletnieks@...edu:
<snip> 
> Your only perfect defense here is implementing all of it in a custom ASIC,
> which in itself is insane - if a logic or timing bug is found, you're
> looking at having to do a hardware replacement rather than just downloading
> a new software load.  You can cut some of the pain with an FPGA, but that's 
> still a whole different league than a software solution.

System-on-a-chip design can be very cost effective when used on a massive scale.
(just look at 3M cards from Newcomm used in the [formerly] Hughes satellite
network).

When embedded into a familiar form-factor (like a credit card or smart card),
replacements for updates are easy.  Thousands upon thousands of users performing
user-friendly updates with a simple card swap.

Even for producing less than 500 units there are vendors ready to jump at the
chance to replace FPGA setups (because we are talking about complex 2k+ gate count).

Unlike PCs, the design wouldn't have to be retooled with every lunar cycle.
Maybe once every 6 months or a year.  

Just give Oxford Semiconductor or AMI a call.

> You think debugging a BGP wedgie(*) is tough now, remember that even IOS is
> able to do a small amount of introspection and tell you what's going on.

Is that what you call what you do to someone who provides 'fault tolerance'
through round-robin DNS? A BGP wedgie?

> almost impossible with an ASIC or FPGA based solution...
> 
> (*) Yes, it's really called that.  Google for 'BGP Wedgie' if you don't
> believe me. :)

Ah, flashbacks of high school.

-RandallP
                   \|/
    /\            - O -
\  /__\    /\      /|\      /
 \/    \/\/  \_____________/