| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20100905154846.2F0C.0@paddy.troja.mff.cuni.cz> Date: Sun, 5 Sep 2010 16:14:11 +0200 (CEST) From: Pavel Kankovsky <peak@...o.troja.mff.cuni.cz> To: full-disclosure@...ts.grok.org.uk Subject: Re: DLL hijacking with Autorun on a USB drive On Thu, 2 Sep 2010 Valdis.Kletnieks@...edu wrote: > Yeah, but hacking a Harvard architecture is still balls harder than > hacking a von Neumann architecture. ;) It depends. Can Harvard architecture stop a careless program from loading a malicious DLL? From interpreting parts of data files as programs in some kind of script language? On Thu, 2 Sep 2010, coderman wrote: > there are some useful mitigations around these inevitable failures, > http://qubes-os.org/Architecture.html is an example of isolation > rather than correctness i've liked since NetTop wrapped RSBAC policy > around vmware guest isolation... Actually, you prove my point. Qubes OS does not try to separate code and data. It does not rely on the code (other than its own) behaving as expected. It throws everything in an isolated box and makes sure nothing leaves the box and enters another one without your explicit approval. -- Pavel Kankovsky aka Peak / Jeremiah 9:21 \ "For death is come up into our MS Windows(tm)..." \ 21st century edition / _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists