Comments on TaoSecurity Blog: More Mildly Condescending Comments
Richard Bejtlich

Richard Bejtlich, 2005-08-10 13:48 (-04:00):

There does not seem to be a reasonable way to discuss this issue without causing trouble for the parties involved. Consider the issue closed.

Anonymous, 2005-08-10 12:57 (-04:00):

Richard,

Pete's got a point. I went over and took a look at his blog...and his point about those who really DO know shouldn't be saying is well taken. And since I am aware of the sensitive position that you point out, I agree with his stance even more.

For someone to stand up and say, "Hey, I'm in the know, and I DO know...but I can't tell you anything about what I know" is complete BS. If you're covered by TS/SCI clearances or something even higher, and you're not supposed to talk about Fight Club, then you DON'T TALK ABOUT FIGHT CLUB! It's that simple...just telling someone that you know about it is talking about it, even if you don't give away the precious details.

It's just grandiose posturing in order to seem self-important.

Besides, you were in the military...you know as well as I do how some people go out of their way to classify their lunch schedule and their golf tee times.

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com

Anonymous, 2005-08-10 10:28 (-04:00):

Speaking of unsupported comments and claims, where do you suggest we go about discovering these "real" threats? AFAIK Blaster managed to drop 25% of our country's power grid last year.

You have to have a FIRM Grasp of the threat model, to identify any potential solution, you seem to have apparently identified neither. The WhiteHat(tm) disclosure model is in fact inherently flawed, but not for the reason you are specifying.

S1nc3r3ly Urz,
Th3 M4d 4nt1-H4tt3R

Anonymous, 2005-08-10 09:43 (-04:00):

re: My World View. My world view is that there is a real threat out there. You are valiantly attempting to change that by making unsupported comments and pointing me to policy docs and press releases, but I refuse to believe it has ALL been manufactured.

I will continue to believe that the threat is real and that the white hat discovery/disclose cycle is distracting and we should be focused on the real problem.

Pete Lindstrom

Anonymous, 2005-08-10 09:30 (-04:00):

Some interesting things to consider (and I'm really enjoying the fact that I've never been TS/SCI cleared, and none of the following information is violating any of the non-disclosure agreements I've signed, and on a side note these things generally invoke a warm and fuzzy feeling in my stomach, due to my uncanny sense of morbidly tragic humor):

1. NULLs only terminate string-based copy operations.
2. Heap overflows allow you to overwrite arbitrary memory addresses.
3. There are huge chunks of writable memory in the BSS segments of the process structure of various (dare I say ALL moderately relevant) architectures that have a nice tendency of <B>not moving within the address space across versions and patch levels</B> (M$ might have got better with this, it's not my forte).
4. It's relatively easy to footprint attack payloads.
5. It's relatively easy to spring board search the area in memory likely to contain said footprint, in a small amount of code.
6. There are publicly available <A HREF="http://www.immunitysec.com/downloads/MOSDEF0.6.tgz" REL="nofollow">methods of creating covert execution channels</A>, <A HREF="http://oss.coresecurity.com/repo/InlineEgg-1.08.tar.gz" REL="nofollow">Here</A>, <A HREF="http://www.metasploit.com/tools/framework-2.4-snapshot.tar.gz" REL="nofollow">and Here.</A>
7. While we've yet to see a remote kernel-based attack released to the public, it's both naive and ignorant to assume they don't exist, in one shot multiplatform format (How many Operating Systems have TCP stacks based on 4.4BSD, someone remind me, heh ;PPPpppPppPppPPP)

What do you think our (and for the benefit of good argument, other) government has been researching for the past 8 years?

Granted, security research isn't something you can just throw money at to generate progress.... Wait, did I just say that? I must be high.

It's probably a safe bet that multiple governments have thrown <B>B</B>illion<B>s</B>, yes with a <B>B</B> and most definitely <B>plural</B>, and needless to say if they spent even 1% of that budget allotment wisely, they are light years ahead of anything that's going to hit the shelves anytime soon.

This should add a bit of scope to Mr. Bejtlich's point here. And while it may have been done in an undesirable fashion, I myself have never been one to concern myself with the impact of the information I release to the public domain, as it's the essential philosophical stance of the entire security industry.