Dailydave mailing list archives
The lack of hard questions
From: "Dave Aitel" <dave.aitel () gmail com>
Date: Tue, 26 Aug 2008 15:21:15 -0400
There's probably a few BlackHat talks you didn't bother to read, and I wanted to highlight a couple:

1. *Alex Ionescu*
https://www.blackhat.com/presentations/bh-usa-08/Ionescu/BH_US_08_Ionescu_Pointers_and_Handles.pdf

The bugs themselves are local DoS's (bluescreens) and Admin->Ring0 jumps, but the methodology he used to find the bugs, and the win32k.sys internals he discusses while explaining them are interesting. I quickly wrote one of them up for CANVAS Early Updates, since you never know when Blue Screening some box might come in handy.

2. Secure the Planet! New Strategic Initiatives from Microsoft to Rock Your World
*Mike Reavey, Steve Adegbite, Katie Moussouris*
https://www.blackhat.com/presentations/bh-usa-08/Reavey/MSRC.pdf

Obviously my favorite part is the slide with CANVAS. :> But I think it's interesting that Microsoft is doing this stuff and I don't think people have asked them the hard questions about it yet. Also, those are quite cool caricatures.

Recently Immunity's been tasked with something that requires the development of a secure MSRPC application in unmanaged C++. When you start trying to build something like this, you realize just how hard it is for normal developers. Where web developers have thousands of gadgets, papers, recipes, techniques, APIs, and "how-tos", there really isn't anything great on building a secure MSRPC application. So while it's true that Microsoft is making the fastest strides in security, it's also true they have the longest to go.

-dave