Bugtraq mailing list archives
Re: Firekeeper - IDS for Firefox available
From: Bob Beck <beck () bofh cns ualberta ca>
Date: Tue, 13 Mar 2007 13:29:14 -0600
Isn't it the case with every software created to add some protection to you computer? Firewalls, antiviruses, IDSes etc. are all adding code to your operating system that may, in the future, be found vulnerable to some attack. It is just the question whether protection they provide compensates additional threat they may introduce.
Yes, protection can mean added code, but consider the kind of code and where it is running. Typically I run an IDS such as snort on a tap interface with no access to send anything out. in particular, it's not looking at endpoint traffic after it's decrypted. Why? IDS's are big complicated things that to lots of string a byte comparisons against data provided by an attacker, the kind of code that is easy for the author to make mistakes in that lead to compromisable situations. So if snort is compromised, all the attacker typically gets without more work is the ablility to sniff, not the ablility to look at encrypted traffic in the clear, and ideally not the ability to send traffic out. Other programs (i.e. ssh) deal with complexity like this by attempting to isolate the privileges that the code doing most of the string bashing is running as - i.e. a privsep model, so if you break a piece of it (at least in most of the code) you *Don't* see encrypted traffic or passwords If this critter is compromised, he likely gets the entire endpoint machine, or if not, he most likely for sure gets the ability to read decrypted https streams. - Fix the browser bugs rather than having another plugin to look for them. -Bob
Current thread:
- Firekeeper - IDS for Firefox available Jan Wrobel (Mar 07)
- Re: Firekeeper - IDS for Firefox available Jex (Mar 09)
- Re: Firekeeper - IDS for Firefox available Bob Beck (Mar 10)
- Re: Firekeeper - IDS for Firefox available Jan Wrobel (Mar 13)
- Re: Firekeeper - IDS for Firefox available Bob Beck (Mar 13)
- Re: Firekeeper - IDS for Firefox available Gadi Evron (Mar 15)
- Re: Firekeeper - IDS for Firefox available Bob Beck (Mar 10)
- Re: Firekeeper - IDS for Firefox available Jan Wrobel (Mar 13)
- Re: Firekeeper - IDS for Firefox available Jex (Mar 09)
- <Possible follow-ups>
- Re: Re: Firekeeper - IDS for Firefox available irondell (Mar 13)