Bugtraq mailing list archives
Re: Heterogeneity as a form of obscurity, and its usefulness
From: Nicholas Weaver <nweaver () CS berkeley edu>
Date: Fri, 22 Aug 2003 11:21:31 -0700
On Thu, Aug 21, 2003 at 08:56:51PM -0700, Crispin Cowan composed:
Seems to me that obscurity is the *only* defence against exploits for unpublished/unpatched vulnerabilities that are spreading in the cracker community; if you can avoid being a target, by whatever means, then you are ahead of the game.Now that is just not true. All of the technologies in the previous thread (StackGuard, PointGuard, ProPolice, PaX, W^X, etc.) have some capacity to resist attacks based on unpublished/unpatched vulnerabilities. That is their entire purpose.
Likewise, the worm research has been focusing on how to automatically detect, analyze, and respond to a new worm or similar threat. For some classes (eg, Scanning worms like Slammer, blaster, code red, etc), this appears quite doable. So the likely viable worm defenses ideally should deal with 0 day worms, which means stopping a new vulnerability contained in a new worm. -- Nicholas C. Weaver nweaver () cs berkeley edu
Current thread:
- Re: Buffer overflow prevention, (continued)
- Re: Buffer overflow prevention Peter Busser (Aug 18)
- Re: Buffer overflow prevention Thomas Sjögren (Aug 14)
- Re: Buffer overflow prevention Shaun Clowes (Aug 15)
- Re: Buffer overflow prevention Crispin Cowan (Aug 15)
- Re: Buffer overflow prevention Shaun Clowes (Aug 18)
- Re: Buffer overflow prevention Crispin Cowan (Aug 18)
- Re: Buffer overflow prevention Mark Handley (Aug 18)
- Re: Buffer overflow prevention Crispin Cowan (Aug 18)
- Heterogeneity as a form of obscurity, and its usefulness Bob Rogers (Aug 22)
- Re: Heterogeneity as a form of obscurity, and its usefulness Crispin Cowan (Aug 22)
- Re: Heterogeneity as a form of obscurity, and its usefulness Nicholas Weaver (Aug 22)
- Re: Buffer overflow prevention Patrick Dolan (Aug 14)
- Re: Buffer overflow prevention Theo de Raadt (Aug 18)