Dailydave mailing list archives
Re: The sky's downward trajectory
From: "George Ou" <george_ou () lanarchitect net>
Date: Sun, 18 Feb 2007 04:01:12 -0800
DEP is normally only activated for critical system components and left off for all applications including MS Office and Internet Explorer. From what I understand from past experience, hardware-enforced DEP, if enabled, has defeated every zero-day flaw for IE in the past year (at least the ones that were in the wild) but didn't help against the MS Office exploits (at least according to Microsoft). Can these techniques you speak of defeat hardware-enforced DEP in most or all cases?

George Ou

From: dailydave-bounces () lists immunitysec com [mailto:dailydave-bounces () lists immunitysec com] On Behalf Of Dave Aitel
Sent: Saturday, February 17, 2007 7:10 PM
To: dailydave () lists immunitysec com
Subject: [Dailydave] The sky's downward trajectory

http://www.fcw.com/article97658-02-13-07-Web&printLayout

"""
Current U.S. cyber warfare strategy is dysfunctional, said Gen. James Cartwright, commander of the Strategic Command (Stratcom), in a speech at the Air Warfare Symposium in Orlando, Fla., last week. Offensive, defensive and reconnaissance efforts among U.S. cyber forces are incompatible and don't communicate with one another, resulting in a disjointed effort, Cartwright said.
...
"They will exploit anything and everything," the senior official said, referring to the Chinese hackers' strategy. And although it is impossible to confirm the involvement of China's government, the attacks are so deliberate, "it's hard to believe it's not government-driven," the official said.
...
Gen. Ronald Keys, commander of Air Combat Command, told reporters at the conference that current policies prevent the United States from pursuing cyberthreats based in foreign countries. Technology has outpaced policy in cyberspace, he said. The United States should take more aggressive measures against foreign hackers and Web sites that help others attack government systems, Keys said.

It may take a cyber version of the 2001 terrorist attacks for the country to realize it must re-examine its approach to cyber warfare, he added.
"""

If you go into the Forbidden City, in the heart of Beijing, and walk into the museum exhibits you will see a few preserved suits of silk armor, along with swords, halberds, and various other Dungeons and Dragons style weaponry. If you know what a halberd is, you probably, like me, didn't get invited to the cool parties in high school. Let's just say it's a big stick with an ax on top. Anyways, some of the displays have a little printed notice of what they are, translated into English. Usually they say something like this: "Example of a few halberds used by Such and Such. This weaponry was no match for western guns used at the time". I got the feeling the whole exhibit was a "Memorandum to self: invest in technology immediately and continue for next couple hundred years."

Picking the technology to invest in is, of course, quite difficult. From many perspectives, I'm sure, Immunity's investments would seem insane. For example, Immunity Debugger is quite a strange thing to put so much emphasis on, right when DEP and other protective technologies are making remote buffer overflows a thing of the past. There are, of course, perfectly usable free debuggers.

Yesterday, before most of Immunity went bowling (like all hackers, we're extremely athletic), Nico was showing me the "defeat dep" Immunity Debugger script. You type "!defeatdep" and then it has a little wizard you go through and then you've got a buffer that will do the return into libc trick to defeat DEP. Simple and easy! It's part of an "Advanced Windows Overflows" class we're teaching all next week. Nico's Immunity Debugger !heap script allows you to do all sorts of tricks with heaps - and to defeat the next generation of heap protection, you're going to need all of it, plus some luck. Kostya's "!safeseh" script does various neat things around that as well.

None of the free debuggers allow you to do this stuff, but none of the free debuggers are specifically for exploit development either.

One facet of an asymmetric attack is to appear to have a disjointed effort but yet have an emergent strategic behavior that can topple an enemy. This is something I'm sure Gen. James Cartwright knows well. In Immunity's case, this enemy is DEP, SafeSEH, and related technologies - and only a couple days after Microsoft Tuesday we've released an exploit for MS07-007 that works regardless of DEP on XP SP2.

Just a thought.

-dave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
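George's observation that DEP is normally on only for system components describes the default OptIn policy of that era. As an added check that is not part of the thread, the PowerShell below reads the machine's DEP policy from the documented Win32_OperatingSystem DataExecutionPrevention_* properties and reports whether it covers ordinary applications such as Office and IE; the OptOut switch it prints is the documented bcdedit setting (Vista and later) and the boot.ini equivalent for XP SP2.

```powershell
# Added example: audit the system-wide DEP policy and whether it covers user applications.
# Reads the documented DataExecutionPrevention_* properties of Win32_OperatingSystem.
$os = Get-CimInstance -ClassName Win32_OperatingSystem

# SupportPolicy codes as documented for Win32_OperatingSystem
$policyNames = @{
    0 = 'AlwaysOff (DEP disabled for all processes)'
    1 = 'AlwaysOn  (DEP enforced for all processes, no opt-out)'
    2 = 'OptIn     (DEP only for Windows system binaries and apps that opt in; XP SP2 client default)'
    3 = 'OptOut    (DEP for all processes except those explicitly excluded)'
}

$policy = [int]$os.DataExecutionPrevention_SupportPolicy
[pscustomobject]@{
    Host               = $os.CSName
    HardwareDepPresent = $os.DataExecutionPrevention_Available
    Policy             = $policyNames[$policy]
    Covers32BitApps    = $os.DataExecutionPrevention_32BitApplications
    CoversDrivers      = $os.DataExecutionPrevention_Drivers
}

# OptIn leaves Office, IE and other third-party applications unprotected unless they opt in themselves.
if ($policy -eq 2) {
    Write-Warning 'DEP policy is OptIn: user applications are not covered by hardware DEP.'
    Write-Host 'To cover all processes (Vista and later, elevated prompt, takes effect after reboot):'
    Write-Host '    bcdedit /set {current} nx OptOut'
    Write-Host 'On XP SP2 / Server 2003 the equivalent is the /noexecute=OptOut switch in boot.ini.'
}
```

Hardware DEP only applies when DataExecutionPrevention_Available is true (NX/XD-capable CPU with PAE enabled); otherwise the policy is reported but not enforced.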
Current thread:
- The sky's downward trajectory Dave Aitel (Feb 17)
- Re: The sky's downward trajectory George Ou (Feb 18)
- Re: The sky's downward trajectory Dave Aitel (Feb 18)
- Re: The sky's downward trajectory George Ou (Feb 18)
- Message not available
- Re: The sky's downward trajectory Rhys Kidd (Feb 19)
- Re: The sky's downward trajectory endrazine (Feb 19)
- Re: The sky's downward trajectory jf (Feb 19)
- Re: The sky's downward trajectory endrazine (Feb 19)
- Re: The sky's downward trajectory jf (Feb 19)
- Re: The sky's downward trajectory Jonathan Wilkins (Feb 19)
- Re: The sky's downward trajectory Dominique Brezinski (Feb 20)
- Re: The sky's downward trajectory ol (Feb 20)
- Re: The sky's downward trajectory Dave Aitel (Feb 18)
- Re: The sky's downward trajectory George Ou (Feb 18)