Dailydave mailing list archives

Re: The lack of hard questions
From: Charles Miller <cmiller () securityevaluators com>
Date: Tue, 26 Aug 2008 15:56:54 -0500

I feel a little uneasy about Microsoft declaring how exploitable  
vulnerabilities are...  That's a job I wouldn't want.  Plus, if the  
only people who can make a particular exploit reliable are Kostya and  
Alex, does that count as reliable or somewhat reliable?

Charlie

On Aug 26, 2008, at 2:21 PM, Dave Aitel wrote:

There's probably a few BlackHat talks you didn't bother to read, and  
I wanted to highlight a couple:
1. Alex Ionescu
https://www.blackhat.com/presentations/bh-usa-08/Ionescu/BH_US_08_Ionescu_Pointers_and_Handles.pdf

The bugs themselves are local DoS's (bluescreens) and Admin->Ring0  
jumps, but the methodology he used to find the bugs, and the  
win32k.sys internals he discusses while explaining them are  
interesting. I quickly wrote one of them up for CANVAS Early  
Updates, since you never know when Blue Screening some box might  
come in handy.


2. Secure the Planet! New Strategic Initiatives from Microsoft to Rock Your World
Mike Reavey, Steve Adegbite, Katie Moussouris
https://www.blackhat.com/presentations/bh-usa-08/Reavey/MSRC.pdf

Obviously my favorite part is the slide with CANVAS. :> But I think  
it's interesting that Microsoft is doing this stuff and I don't  
think people have asked them the hard questions about it yet.  Also,  
those are quite cool caricatures.

Recently Immunity's been tasked with something that requires the  
development of a secure MSRPC application in unmanaged C++. When you  
start trying to build something like this, you realize just how hard  
it is for normal developers. Where web developers have thousands of  
gadgets, papers, recipes, techniques, APIs, and "how-tos", there  
really isn't anything great on building a secure MSRPC application.  
So while it's true that Microsoft is making the fastest strides in  
security, it's also true they have the longest to go.

-dave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
