Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Heterogeneity as a form of obscurity, and its usefulness
From: Nicholas Weaver <nweaver () CS berkeley edu>
Date: Fri, 22 Aug 2003 11:21:31 -0700

On Thu, Aug 21, 2003 at 08:56:51PM -0700, Crispin Cowan composed:

Seems to me that obscurity is the *only* defence against exploits for
unpublished/unpatched vulnerabilities that are spreading in the cracker
community; if you can avoid being a target, by whatever means, then you
are ahead of the game.

Now that is just not true. All of the technologies in the previous 
thread (StackGuard, PointGuard, ProPolice, PaX, W^X, etc.) have some 
capacity to resist attacks based on unpublished/unpatched 
vulnerabilities. That is their entire purpose.

Likewise, the worm research has been focusing on how to automatically
detect, analyze, and respond to a new worm or similar threat.  For
some classes (eg, Scanning worms like Slammer, blaster, code red,
etc), this appears quite doable.

So the likely viable worm defenses ideally should deal with 0 day
worms, which means stopping a new vulnerability contained in a new
worm.

-- 
Nicholas C. Weaver                                 nweaver () cs berkeley edu


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]