any comments on this one?
http://www.securiteam.com/exploits/6A00J0UBGS.html
http://comment.zdnet.co.uk/other/0,39020682,39163267-2,00.htm
some other security links;
http://lists.netsys.com/pipermail/full-disclosure/2004-October/
http://news.ists.dartmouth.edu/todaysnews.html
-
-
NEWS FLASH: If there is a setting the user can change, a program can change it too, and there's nothing you can do about it. Nothing. Whatsoever.
Film at eleven. -
agree with you...
-
Well Kaelan, that is not the problem.
The attack consumes memory on a trusted process and binds to any port and listens for connections.
I know Outpost Firewall has process control, however the ICF has not.
You have the DEP with XP SP2, but it's bound to your hardware.
-
Windows file protection should be able to pick it up.
http://www.giac.org/practical/GSEC/Ditmar_den_Engelsen_GSEC.pdf -
I agree with Beer28: The Windows file system is a big fat mess.
I do think that Windows is structured but it's only 'virtual'. -
I have an HP DL380 running Linux Kernel 2.4.20-31.9. The cciss driver for the SCSI 5i array has been problematic. HP provides "softpaks" to load the correct, or optimized drivers, but unless you have the base kernel then you need to load source and recompile. Ok, I can do this, but why?
For instance, I have to do this just to get it to see my tape drive.
# Ask each cciss controller to engage the SCSI layer so attached tape drives show up
for x in /proc/driver/cciss/cciss[0-9]*
do
    echo "engage scsi" > "$x"
done
I like HAL.
-
Prog.. great thread.
Stateful Outbound filtering is a must in any current firewall implementation.
EDIT: Beer, I surrender to Gorgeous Fembots with a penchant for evil.
HERE
-
Beer28 wrote:
The last point is that your kernel is SERIOUSLY outdated,
Oh yeah, RH9 12 months ago. So if I have 30-40 servers I want to be upgrading them every 3 months?
EDIT: And in this particular instance, I have a live Oracle 9i database and Arcserve running. Popping new kernels in there for the fun of it just kinda tends to screw things up big-time. I need a stable, supported, system for business applications. For development, webapps, and home use Linux is great. No good for enterprise apps unless you go with ASE, and then you are paying much more than with MS. -
Ok, another real world deal.
We have an AIX box running SAMBA. Need to allow a specific user read-write-delete on one specific file in a directory, should only have read or nothing on other files in that directory. Give me that in Unix.
And forget the Samba part, how do you granularize permissions as Windows does? -
It's a design and backward compatibility issue.
And the costs associated with patching clients are huge.
Here is what Forrester Group says:
"The cost to patch 5,000 desktops is more than $1 million, an average of $254 per desktop," said Yankee Group analyst Phebe Waterfield. "Between Jan. 2003 and Jan. 2004 Microsoft released 40 desktop-related security patches, driving the cost to maintain completely up-to-date patch levels to an astronomical $40 million per year."
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci951006,00.html
http://www.yankeegroup.com/ac/2004/sss-11226/index.html
Longhorn Security Approach
In order to take security to the next level, Microsoft is integrating a new security environment into the "Longhorn" version of Windows. They refer to this security environment as the Next-Generation Secure Computing Base (NGSCB). NGSCB allows applications to send cryptographic communication between hardware and software. To enable NGSCB environments, you must have a Trusted Computing Base, which is comprised of nexus (a new operating system module) and the software components that enable NGSCB.
Before examining how this environment works, it is important to understand that NGSCB runs alongside the operating system, meaning that it runs in an isolated way to secure applications and data within the environment, but does not hinder the operating system and its functions. This also means that it runs its own software stack that is separate from the operating system’s software stack. A system that leverages nexus has four main components: Protected Memory, Attestation, Sealed Storage, and Secure Input/Output.
- Protected Memory: With protected memory, portions of main memory are partitioned in a separate space that is unavailable for usage or even observation by other applications. Thus, for example, if you were to create a nexus-aware financial application, you could feel confident that the main memory used to run the application would remain isolated from all other applications. This isolation would occur while the application was running and would enhance overall privacy.
- Attestation: Attestation is a process by which code can digitally sign data that is received or viewed by the user. This is a low-level way for applications to verify that the data received from the software stack is not only encrypted, but also uncompromised. Therefore, as your financial application performs calculations on your revenue data and transfers this data back and forth from the software stack, your software digitally signs the data to ensure that no external entity has tampered with it or altered it in any way during this transfer.
- Sealed Storage: Nexus-aware applications also have the ability to apply sealed storage capability to information created by the application. This means that an application can designate whether or not to allow another set of trusted applications (which are acknowledged in a cryptographic method) to access the information. Therefore, if you create financial statements from your application, you can restrict data access to this nexus-aware application, or you can assign a group of trusted applications that can open the statements as well.
- Secure Input/Output: Another key feature of a nexus-aware machine is its data transfer between hardware and software components. Secure input and output mechanisms encrypt every keystroke and mouse click before sending it to the application. The system also encrypts data before returning it to the monitor, ensuring more security between the peripheral devices and the application.
http://www.intel.com/cd/ids/developer/asmo-na/eng/technologies/security/97003.htm?page=2