|
Bugtraq
mailing list archives
Re: Heterogeneity as a form of obscurity, and its usefulness
From: Nicholas Weaver <nweaver () CS berkeley edu>
Date: Fri, 22 Aug 2003 11:21:31 -0700
On Thu, Aug 21, 2003 at 08:56:51PM -0700, Crispin Cowan composed:
Seems to me that obscurity is the *only* defence against exploits for
unpublished/unpatched vulnerabilities that are spreading in the cracker
community; if you can avoid being a target, by whatever means, then you
are ahead of the game.
Now that is just not true. All of the technologies in the previous
thread (StackGuard, PointGuard, ProPolice, PaX, W^X, etc.) have some
capacity to resist attacks based on unpublished/unpatched
vulnerabilities. That is their entire purpose.
Likewise, the worm research has been focusing on how to automatically
detect, analyze, and respond to a new worm or similar threat. For
some classes (eg, Scanning worms like Slammer, blaster, code red,
etc), this appears quite doable.
So the likely viable worm defenses ideally should deal with 0 day
worms, which means stopping a new vulnerability contained in a new
worm.
--
Nicholas C. Weaver nweaver () cs berkeley edu
 By Date 
By Thread
Current thread:
Re: [Full-Disclosure] Re: Buffer overflow prevention KF (Aug 15)
RE: Buffer overflow prevention Brian Glover (Aug 14)
Re: Buffer overflow prevention noir (Aug 14)
Re: Buffer overflow prevention Matt D. Harris (Aug 15)
|
Intro
