http://www.darkreading.com/blog.asp?blog_sectionid=342&WT.svl=blogger1_1
What can I say...we are dorks.
Friday, December 29, 2006
Wednesday, December 27, 2006
Applescript vs. VBS
Posted by David Maynor at 9:59 AM
http://blog.info-pull.com/2006/12/26/applescript-even-easier-than-vbs-i/
Of course this will be denounced by the rabid Mac loyalists as just more attempts to discredit the security of Apple. I can’t agree more! The sad thing is it’s really not that hard to do.
Just remember, there isn’t a lot of malware for Apple because the market is so small and insignificant that it’s not profitable for malware authors, not because OS X is more secure.
Tuesday, December 26, 2006
Quick, audit DRM
Posted by David Maynor at 3:48 PM
http://www.miraesoft.com/karel/2006/12/25/cost-analysis-of-windows-vista-content-protection/
No sooner had I made my previous post than I ran across this excellent analysis of a paper written by Peter Gutmann describing why DRM is bad. This is of course a massive oversimplification of the paper, so I suggest you read the analysis and the paper.
DRM and trusted computing in general are very interesting to me, as they have a massive impact on what I do. I am not just saying that because I just started auditing the trusted computing capabilities of Vista (including BitLocker; those guys really put a lot of thought into different possible attack scenarios). People who write DRM software don’t want people like me poking around in their process address space with my fancy debuggers and stuff like that. This means that doing things like reversing applications and tracing their execution flow will get hard, which means that finding and writing exploits for bugs will get harder. Keep in mind this doesn’t mean that the bugs will go away; it means that new techniques for finding them will be developed.
Looking at the use of 0day in targeted attacks these days, if I were doing bug hunting for the money I would be targeting DRM apps like crazy now, as finding a vuln would give you something of greater value: you know it won’t be easily duplicated, it would be hard to track down, and a fix would not be anything that a vendor could turn around very quickly.
Old things will be new again
Posted by David Maynor at 2:11 PM
A lot of hype has been made recently over the fact that a Vista exploit has been found for sale on a Russian site. There has been lots of media coverage, and I am sure that people will take this opportunity to once again make Microsoft the bad guy and claim that all the security effort that was put into their new OS is for nothing. Don’t get me wrong, I am happy to point out when companies do things wrong (like the *cough*Zune*cough*), but don’t take this exploit to mean Vista isn’t more secure. The exploit is local only, meaning that an attacker has to have already logged into a machine to take advantage of this flaw. I think Microsoft did their best when auditing Vista; the problem is that they still have tons and tons of legacy code, shared across many OSes, that will be a source of problems for years to come. We call this problem “legacy negligence.”
Legacy negligence can best be described as having large amounts of legacy code that is maintained for backward-compatibility reasons, or giving priority to adding new features and functionality instead of refining existing code. The WMF flaw is a perfect example of this: it wasn’t even a flaw, it was a long-forgotten feature. Look for more of these types of bugs to pop up in Microsoft products as well as those of other vendors like Apple and Oracle.
Wednesday, December 06, 2006