Firewall Wizards
mailing list archives
Re: Application-level Attacks
From: George Capehart <capegeo () opengroup org>
Date: Mon, 31 Jan 2005 22:30:02 -0500
Stephen P. Berry wrote:
<snip>
If you want a one-liner to take away from all this, I suppose my
observation in a nutshell is that we talk too much about mechanisms
and too little about consequences. This makes sense in that the latter
is very much a context-dependent thing (and therefore isn't terribly
suitable for whitepapers and marketing blurbs), but that's where
most of the actual interesting stuff is.
Aaaaahhhhhh. The structure vs. function dichotomy rears its head again
. . . This should make for many late nights . . . :>
Cheers,
/g
--
"With sufficient thrust, pigs fly just fine." -- RFC1925
-spb
-----
0 What exactly, if anything, it is -not- a lousy model of is
another question altogether.
1 If a particular bug is a buffer overflow, for example, we
can certainly make some general statements about buffer
overflows---but being a buffer overflow isn't necessarily
interesting information from the risk analysis standpoint[2].
2 Mod the case where part of your defence-in-depth strategy
involves nonexecutable stacks, StackGuard or an isomorphism
thereof, Multics, or whatever.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards