Re: Dep and aslr and /gs and so on

[Jeremy Brown <0xjbrown41 () gmail com>]

Agreed, Dave. But when a company such as Microsoft, in this example,
keeps adding protections to Windows instead of implementing possibly a
central kernel base to keep things relative and smooth, then clutter
and chaos are free to unite (and ignite). From the Linux perspective,
all around, things seem to be done more efficiently. Are applications
more secure on Linux? Not really. But a result of protections readily
available on Linux distributions (honorable mentioned on BSD
derivatives and Solaris) has nearly diminished public exploits for
applications that result in stack smashing or otherwise memory-related
exploitation.

2009/3/26 Dave Aitel <dave.aitel () gmail com>:
> So over and over for several years now you can hear people in the offensive
> information security talk in despair about the new Microsoft protection
> measures. But here's the thing as I see it - if you tell yourself its
> impossible, then it definitely will be.  As Joe Bennet from "Lipstick
> Jungle" would say: "Plan for success!".
>
> All of the new security technologies coming out total a one or two order of
> magnitude increase in an attacker's costs. That's not impossible, that's
> just inflation. So deal.
>
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunitysec com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave