Bugtraq mailing list archives
Re: Preventing exploitation with rebasing
From: "Alan DeKok" <aland () freeradius org>
Date: Tue, 04 Feb 2003 12:26:51 -0500
Much of this thread would disappear if people used hard numbers instead of opinions. Brian Hatch <bugtraq () ifokr org> wrote:
> People keep saying "but it won't stop everything", and that's true.
Exactly. Even DES isn't "perfectly" secure, (i.e. unbreakable). It *obfuscates* the data, but does not *secure* it. The benefit of DES is that it has a provable level of obfuscation. This takes the security versus obscurity argument from the realm of personal opinion to one of quantitative statements. We should have a similar goal for this discussion.
> But since when have we turned down a security procedure that is not a silver bullet against all evils? I'd love to make it harder for worms to attack my systems. I'd love for them to take longer to break into the machines down the hall. That means things will spread slower, and we can stop the damage quicker. Why is this bad?
It's not. But many people are of the opinion that if a solution isn't perfect, then it's not "secure". They can then argue that no security is somehow "better" than an imperfect system. The problem with those kinds of arguments is that they don't define the terms used, or what basis is used for the measurements. The appropriate response is to ignore personal opinions, and instead ask for clarifications of terms like "useful", or "better". If attacks can be trivially re-written to work around rebasing, then it's obvious that rebasing changes the form of the attack, but not its potential to succeed. If rebasing means that attacks have provably a lower probability of succeeding, then it's obvious that rebasing gives some additional level of obfuscation, which is generally called "security".
> ... any administrator who has such a "mental" vulnerability probably has several other non-rebasing related vulnerabilities on their servers anyway. They probably think that a firewall stops all attacks, so wouldn't bother rebasing in the first place. This is not a satisfying argument against rebasing.
It's an ad-hominem attack with no substance. "Stupid people use your solution, therefore your solution doesn't help." Security analysis of algorithms has always been done on the assumption of perfect implementation. Analysis of implementation or deployment/configuration bugs is a separate analysis.

Alan DeKok.
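The post asks for hard numbers rather than opinions about whether rebasing "helps". The following is an added example, not part of Alan DeKok's message or the Bugtraq thread, that puts numbers on the claim in the reply above: if each process is loaded at a base chosen with a given number of bits of randomness, a fixed-address exploit succeeds on a single try with probability 2^-bits, and each failed try is typically a crash a defender can log. The function names and the entropy figures used are assumptions for illustration.

```python
# Added example (not from the original post): quantifying how much a
# guess-based attack is slowed by rebasing with a given amount of entropy.
# Model assumption: every attempt is an independent guess at the base
# address, and each process is re-randomized, so guesses do not accumulate.


def success_probability(entropy_bits: int, attempts: int) -> float:
    """Probability that at least one of `attempts` independent guesses hits
    the right base address when the base carries `entropy_bits` of
    randomness (a single guess succeeds with probability 2**-entropy_bits).
    entropy_bits == 0 models a fixed, non-rebased load address."""
    if entropy_bits < 0 or attempts < 0:
        raise ValueError("entropy_bits and attempts must be non-negative")
    p_single = 2.0 ** -entropy_bits
    return 1.0 - (1.0 - p_single) ** attempts


def expected_failed_attempts(entropy_bits: int) -> float:
    """Expected number of failed guesses before the first success. With
    geometric trials this is (1 - p) / p. Each failure usually means a
    crashed process or a malformed request, i.e. a detection opportunity
    (crash dumps, service restarts, IDS alerts) that a fixed base address
    never produces because the first attempt succeeds."""
    p_single = 2.0 ** -entropy_bits
    return (1.0 - p_single) / p_single


def compare_entropies(entropy_bits_list, attempts: int) -> dict:
    """Success probability after `attempts` tries for each entropy level,
    so the effect of more randomization can be read side by side."""
    return {bits: success_probability(bits, attempts) for bits in entropy_bits_list}


if __name__ == "__main__":
    # Constructed sample values: a fixed base, a small 8-bit rebase, and a
    # larger 16-bit rebase, each facing 256 attempts.
    for bits, prob in compare_entropies([0, 8, 16], 256).items():
        print(f"{bits:2d} bits: P(success in 256 tries) = {prob:.4f}, "
              f"expected crashes before success = {expected_failed_attempts(bits):.0f}")
```

Reading the output: with zero entropy the attack succeeds on the first attempt and leaves no failed attempts to detect; every added bit halves the per-attempt probability and doubles the expected number of crashes a worm generates before it gets in, which is exactly the "spreads slower, stopped quicker" effect the quoted text describes.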