Dailydave mailing list archives
ASLR, Mail Spools, and Ego
From: <compsecsux () hushmail com>
Date: Mon, 1 Nov 2004 17:49:04 -0800
Hey dave, sinan

On the topic of greg's mail spools:

I don't really think it was fair to mention the incident for a lot of reasons. First of all, "everyone" didn't get a copy, in fact it seems like way more people haven't seen the spools than people who have. All you did was bring to light something that makes a (somewhat) competitor look bad. Congrats. Also, you are publicly admitting to not only receiving the spools (meaning you probably have some sort of remote attachment with some people involved in the incident), and you admit to reading them. Even if someone did offer you the archives, it seems to be bad etiquette to not only read their private mails, but then to discuss how you read them, and even the contents of the email in a public forum.

I guess you pretty much set up a standard for yourself. If your email spools ever got leaked, you've spoken with your actions that distributing/reading/talking about/mocking the situation is fair game. This would probably (and hopefully) never happen, but still, what if it were you? Imagine how much everyone in this business has on the line when things like that happen. Some people choose to act ethically. This is something that I'm sure is really hard on Greg, and all you do is stand up in a public forum and quietly rub it in? Fuck you. What did he ever do to deserve it?

On the topic of ASLR and Sinan the Supreme Being:

I'm sure Immunity's Windows HIPS is much better than that crap everyone else is busting their asses on. Everything has its weakness, we all know this. And 3rd party vendors working on microsoft products can only do so much, it's a limitation that makes the stuff they are doing even cooler. Yes, you can possibly off-by-one a return address. If you are dealing with string functions, you are most likely also going to have to have a null byte somewhere, whether it's the LSB, or not. That limits you a lot, and sometimes you can find some code that works. That's great. But, as I'm sure these "retards" writing HIPS products know, you can also do randomization up to cache alignment, and then, say your alignment is 64 bytes, you waste at most a single page of memory, and then you are going to have a really really tough time making your off-by-one work. Feel free to send your uber-leet-VSC exploits on over, and I'll give you an assessment of how well they actually stand up to current defensive technologies.

I think these "proud" vendors are probably proud for a reason. Doing a solid HIPS implementation in windows is probably a decent amount harder than say, slapping a python gui on 3rd-world-labor-exploits. I think if anything, they've come a long way, and are continuing to get better. I'm sure the authors understand their limitations, but just because it isn't 100% (which would be very hard, especially 3rd party), doesn't mean they deserve to get torn at by some arrogant dick. I don't know when you got so high headed, maybe dave is wearing off on you. I know it's current Immunity policy to talk leeter than you are, but the people you mock are doing way more for the security industry than you guys are. At least they show up at blackhat and share technical information, instead of just trying to show off their complete superiority.

You guys are all really smart, but seriously, fuck you. A lot of the people working on this stuff you bash are spending a lot of hard time and energy, and they are making progress, even if it isn't up to the Immunity calibre. The offense is always much easier, so don't think you're that fucking awesome. I hope this stupid text could provide you guys enough entropy to take your heads out of your asses and show some respect to the people working in the field around you. This isn't a pissing contest. I know you're much smarter than anyone at Stanford could ever be, but I'm sure I could point out some people that have given some worthwhile contributions. You guys contribute shitty ports of perl disassemblers. Woo hoo, go team.

-css