Dailydave mailing list archives
Re: "The organization I belong to doesn't have initals"(that evil dude in Heroes)
From: "Rhys Kidd" <rhyskidd () gmail com>
Date: Thu, 16 Nov 2006 20:19:29 +0800
On 11/16/06, dan () geer org <dan () geer org> wrote:
| I think the real point here is that the majority of people responsible
| for security have a backwards mindset. Most security practitioners
| still don't make the assumption that everything is vulnerable and
| design around it. Of course IIS is vulnerable to an unpublished 0day.

so, should one write apps with the assumption that will be running on compromised hosts?

--dan
Or maybe one should write apps with the assumption that their code will be the REASON they are running on compromised hosts, so they drop root privileges as soon as possible, scan code with Coverity/smatch/flawfinder, and utilise compiler-time protections where available (SafeSEH, /GS, ASLR bit).

Case in point: MS released their latest DCERPC/SMB patches this month, but it doesn't mean they now turn around and say to customers that, "Oh, yeah that's the last of them resolved, our products are now secure again".

- Rhys
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave